
A serious security vulnerability in Docker Engine recently received a patch, and users should update promptly. If exploited, the flaw could allow bypassing authorization (AuthZ) plugins, but only under certain conditions, which makes exploitation relatively rare. The severity of the bug nonetheless warrants users' attention.
Possible exploit of Docker Engine vulnerability ‘under certain circumstances’
According to a recent advisory, a critical AuthZ bypass and privilege escalation vulnerability compromised the security of Docker Engine.
As explained, the vulnerability exists because the AuthZ plugin could approve a request that should otherwise be blocked. An attacker can exploit this flaw by sending a specially crafted API request to gain elevated privileges.
Specifically, an API request with Content-Length set to 0 causes the Docker daemon to forward the request to the AuthZ plugin without its body, and the plugin may then wrongly approve the request.
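To make the mechanism concrete, here is an added Go example (not Docker's code and not part of the original article) that models an AuthZ plugin's decision function in two versions: one that evaluates its policy on whatever body arrives, so a request forwarded without its body looks harmless and is approved, and a hardened one that refuses to approve body-defined endpoints when the body is missing or unparsable. The `AuthZRequest` type, the `bodyRequired` endpoint list and the privileged-container policy are assumptions of the example, chosen to illustrate the point rather than taken from any real plugin.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// AuthZRequest is a hand-written stand-in for the record the daemon sends to
// an AuthZ plugin (user, method, URI, body, headers). Field names follow the
// plugin protocol, but this type is an assumption of the example, not
// Docker's own code.
type AuthZRequest struct {
	User           string
	RequestMethod  string
	RequestURI     string
	RequestBody    []byte
	RequestHeaders map[string]string
}

// Decision is the plugin's answer to the daemon.
type Decision struct {
	Allow bool
	Msg   string
}

// Endpoints whose effect is defined by their JSON body. Constructed list for
// this example; a real plugin would cover the routes its policy cares about.
var bodyRequired = regexp.MustCompile(`^/(v[0-9.]+/)?containers/create`)

// requestsPrivileged reports whether a container-create body asks for
// HostConfig.Privileged. An empty or unparsable body yields false, which is
// exactly the blind spot the vulnerable plugin falls into.
func requestsPrivileged(body []byte) bool {
	var spec struct {
		HostConfig struct {
			Privileged bool `json:"Privileged"`
		} `json:"HostConfig"`
	}
	if err := json.Unmarshal(body, &spec); err != nil {
		return false
	}
	return spec.HostConfig.Privileged
}

// vulnerableDecide models the behaviour the advisory describes: the policy
// is evaluated on whatever body arrived, so a body-less request (the daemon
// forwarded it because of Content-Length: 0) looks harmless and is approved.
func vulnerableDecide(r AuthZRequest) Decision {
	if requestsPrivileged(r.RequestBody) {
		return Decision{false, "privileged containers are not permitted"}
	}
	return Decision{true, ""}
}

// hardenedDecide treats a missing body on a body-defined endpoint as a
// reason to deny, and refuses bodies it cannot parse, before applying the
// same privileged-container policy.
func hardenedDecide(r AuthZRequest) Decision {
	method := strings.ToUpper(r.RequestMethod)
	if (method == "POST" || method == "PUT") && bodyRequired.MatchString(r.RequestURI) {
		if len(r.RequestBody) == 0 {
			return Decision{false, "request body absent; policy cannot be evaluated"}
		}
		if !json.Valid(r.RequestBody) {
			return Decision{false, "request body is not valid JSON"}
		}
		if requestsPrivileged(r.RequestBody) {
			return Decision{false, "privileged containers are not permitted"}
		}
	}
	return Decision{true, ""}
}

func main() {
	// Constructed sample requests for illustration.
	create := "/v1.45/containers/create"
	cases := []struct {
		name string
		req  AuthZRequest
	}{
		{"plain create", AuthZRequest{User: "dev", RequestMethod: "POST", RequestURI: create,
			RequestBody: []byte(`{"Image":"alpine"}`)}},
		{"privileged create", AuthZRequest{User: "dev", RequestMethod: "POST", RequestURI: create,
			RequestBody: []byte(`{"Image":"alpine","HostConfig":{"Privileged":true}}`)}},
		{"body-less create", AuthZRequest{User: "dev", RequestMethod: "POST", RequestURI: create,
			RequestHeaders: map[string]string{"Content-Length": "0"}}},
		{"list containers", AuthZRequest{User: "dev", RequestMethod: "GET", RequestURI: "/v1.45/containers/json"}},
	}
	for _, c := range cases {
		fmt.Printf("%-18s vulnerable=%-5v hardened=%v\n", c.name,
			vulnerableDecide(c.req).Allow, hardenedDecide(c.req).Allow)
	}
}
```

The body-less create is the only case on which the two versions disagree: the vulnerable model approves it because its policy found nothing to object to in an empty body, while the hardened version denies it because there was nothing to evaluate. Denying on an absent or malformed body is the plugin-side counterpart of the daemon fix; it is defence in depth, not a substitute for upgrading.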
Although Docker noticed this vulnerability in April 2024, the advisory explained that it is not a new issue. The flaw first surfaced in 2018 and was patched in Docker Engine v18.09.1 in January 2019. However, the fix was not carried forward into later releases, so Docker Engine v19.03 and newer versions are all vulnerable to the same issue. The advisory clarifies, however, that
Not all versions of Docker EE v19.03.x and Mirantis Container Runtime are vulnerable.
This vulnerability, CVE-2024-41110, received the highest severity rating, with a CVSS score of 10.0. Docker fixed the vulnerability in docker-ce v27.1.1 and released the patch for the 19.0, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches.
Given the severity of this issue and the availability of a patch, all users should make sure to update to the latest fixed release.
For cases where a prompt upgrade is not feasible, Docker advised users to avoid using the AuthZ plugin and to restrict Docker API access to trusted parties only as a temporary mitigation, until a patched Docker Engine release can be deployed.