Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
2024-07-25 11:51

A critical-severity Docker Engine vulnerability may be exploited by attackers to bypass authorization plugins via a specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation.

"An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the AuthZ plugin, which might approve the request incorrectly," Docker Senior Security Engineer Gabriela Georgieva explained.
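The failure mode described above, seen from the plugin side, as an added example that is not code from Docker or from the article: an AuthZ plugin decision function that either treats a missing body as "nothing to object to" or fails closed. The JSON field names follow Docker's authorization plugin request format; the policy (refuse privileged containers), the `failClosed` switch, and the sample requests are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Subset of the fields the daemon sends to a plugin's /AuthZPlugin.AuthZReq endpoint.
type AuthZRequest struct {
	RequestMethod string `json:"RequestMethod"`
	RequestURI    string `json:"RequestUri"`
	RequestBody   []byte `json:"RequestBody,omitempty"` // base64 in JSON
}

// Decide applies a sample policy (an assumption): refuse privileged containers.
// failClosed=false models the weak pattern where a missing body is approved.
func Decide(raw []byte, failClosed bool) (allow bool, reason string) {
	var req AuthZRequest
	if json.Unmarshal(raw, &req) != nil {
		return false, "malformed plugin request"
	}
	path := strings.SplitN(req.RequestURI, "?", 2)[0]
	if req.RequestMethod != "POST" || !strings.HasSuffix(path, "/containers/create") {
		return true, "" // outside this sample policy's scope
	}
	if len(req.RequestBody) == 0 {
		// The plugin cannot see what will be created, so it should refuse.
		return !failClosed, "container create forwarded without a body"
	}
	var body struct{ HostConfig struct{ Privileged bool } }
	if json.Unmarshal(req.RequestBody, &body) != nil || body.HostConfig.Privileged {
		return false, "unparseable or privileged container config"
	}
	return true, ""
}

// Sample builds a constructed plugin request; "" models the request forwarded without its body.
func Sample(body string) []byte {
	raw, _ := json.Marshal(AuthZRequest{RequestMethod: "POST", RequestURI: "/v1.46/containers/create?name=c1", RequestBody: []byte(body)})
	return raw
}

func main() {
	for _, b := range []string{`{"Image":"alpine"}`, `{"HostConfig":{"Privileged":true}}`, ""} {
		weak, _ := Decide(Sample(b), false)
		strict, why := Decide(Sample(b), true)
		fmt.Printf("body=%q weak=%v failClosed=%v %s\n", b, weak, strict, why)
	}
}
```

Failing closed in the plugin is defense in depth only; the daemon still has to forward the body it will act on.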

"Docker's default authorization model is all-or-nothing. Users with access to the Docker daemon can execute any Docker command."

The vulnerability also impacts users of Docker Desktop versions up to v4.32.0, as they include affected versions of Docker Engine.

To exploit the flaw in Docker Desktop, attackers need to have access to the Docker API, "which usually means the attacker needs to already have local access to the host machine, unless the Docker daemon is insecurely exposed over TCP," Georgieva added.

Finally, the risk and potential for exploitation are lower because the default Docker Desktop configuration does not include AuthZ plugins, and privilege escalation is limited to the Docker Desktop VM.

What should impacted users do?


News URL

https://www.helpnetsecurity.com/2024/07/25/cve-2024-41110/
