Docker is warning about a critical flaw affecting certain versions of Docker Engine that could allow attackers to bypass authorization plugins (AuthZ) under certain circumstances.
Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability has a CVSS score of 10.0, indicating maximum severity.
“An attacker could exploit the bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request to the AuthZ plugin without a body, resulting in the request being incorrectly authorized,” Moby project maintainers said in the advisory.
According to Docker, the issue was originally discovered in 2018 and addressed in January 2019 in Docker Engine v18.09.1, but the fix was not carried over to subsequent versions (19.03 and beyond), making the current flaw a regression.
This issue was identified in April 2024 and has been resolved in versions 23.0.14 and 27.1.0 as of July 23, 2024. The following versions of Docker Engine are affected, assuming AuthZ is used for access control decisions:
- <= v19.03.15
- <= v20.10.27
- <= v23.0.14
- <= v24.0.9
- <= v25.0.5
- <= v26.0.2
- <= v26.1.4
- <= v27.0.3, and
- <= v27.1.0
“Users of Docker Engine v19.03.x and later versions that do not rely on authentication plugins for access control decisions, and users of all versions of Mirantis Container Runtime, are not affected by this vulnerability,” said Docker’s Gabriela Georgieva.
“Users of Docker commercial products and internal infrastructure that do not rely on the AuthZ plugin are not affected.”
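A triage helper for the two conditions above (release line and patch level, plus whether an AuthZ plugin is configured), as an added example that is not from Docker or the Moby project. It encodes the version list exactly as printed above; the sample `daemon.json` and the plugin name `example-authz` are constructed.

```python
import json
import re

# Highest affected patch per release line, copied from the list above as printed.
# Boundary entries should be confirmed against the upstream advisory.
AFFECTED_MAX = {
    (19, 3): 15, (20, 10): 27, (23, 0): 14, (24, 0): 9, (25, 0): 5,
    (26, 0): 2, (26, 1): 4, (27, 0): 3, (27, 1): 0,
}

# Constructed sample: a daemon.json that enables one authorization plugin.
SAMPLE_DAEMON_JSON = '{"authorization-plugins": ["example-authz"]}'


def parse_version(text):
    """Return (major, minor, patch) from strings like 'v24.0.9' or '20.10.27-ce'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Docker Engine version: {text!r}")
    return tuple(int(part) for part in m.groups())


def authz_plugins(daemon_json_text):
    """List plugins named under the daemon.json 'authorization-plugins' key.

    Plugins passed with dockerd's --authorization-plugin flag are not in this
    file, so the daemon's command line has to be checked separately.
    """
    return json.loads(daemon_json_text or "{}").get("authorization-plugins", [])


def assess(version, daemon_json_text):
    """Classify one host from its engine version and daemon.json contents."""
    major, minor, patch = parse_version(version)
    if not authz_plugins(daemon_json_text):
        return "not-affected: no AuthZ plugin configured"
    limit = AFFECTED_MAX.get((major, minor))
    if limit is None:
        return "unknown: release line not in the list, check the advisory"
    if patch <= limit:
        return "affected: upgrade to a fixed release"
    return "patched"


if __name__ == "__main__":
    for ver in ("v24.0.9", "24.0.10", "18.09.1"):
        print(ver, "->", assess(ver, SAMPLE_DAEMON_JSON))
```

The engine version for each host can be read from `docker version --format '{{.Server.Version}}'`.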
The vulnerability also affects Docker Desktop up to version 4.32.0, but the company says that exploitation is limited and requires access to the Docker API, meaning an attacker would already have local access to the host. A fix is planned for a future release (version 4.33).
“The default Docker Desktop configuration does not include the AuthZ plugin,” Georgieva points out, “so privilege escalation is limited to Docker Desktop (the virtual machine) and does not apply to the underlying host.”
While Docker has not mentioned CVE-2024-41110 being exploited in the wild, it is essential that users update their installations to the latest versions to mitigate any potential threats.
Earlier this year, Docker fixed a set of flaws known as Leaky Vessels that could allow attackers to compromise the host filesystem and escape from containers.
“As cloud services grow in popularity, so does the use of containers, which have become an integral part of cloud infrastructure,” Palo Alto Networks’ Unit 42 said in a report published last week. “While containers offer many benefits, they also present challenges, such as their susceptibility to attack techniques such as container escape.”
“Because containers share the same kernel and are often not fully isolated from the host’s user mode, they are susceptible to a variety of techniques used by attackers seeking to circumvent the limitations of the container environment.”