CVE-2024-41110
"Docker AuthZ Plugin Bypass Vulnerability"
Description
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it. A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted. Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable. docker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.
INFO
Published Date :
July 24, 2024, 5:15 p.m.
Last Modified :
Nov. 21, 2024, 9:32 a.m.
Source :
[email protected]
Remotely Exploitable :
Yes !
Impact Score :
6.0
Exploitability Score :
3.1
Public PoC/Exploit Available at Github
CVE-2024-41110 has a 7 public PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-41110.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
SUSE Rancher's VEX Hub repository
rancher vexhub
None
Python
CVE-2024-41110 docker AuthZ exploit
Go
None
Python
None
Archived EGI SVG Advisories
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
security cve exploit poc vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-41110 vulnerability anywhere in the article.
-
The Register
How to jailbreak ChatGPT and trick the AI into writing exploit code using hex encoding
OpenAI's language model GPT-4o can be tricked into writing exploit code by encoding the malicious instructions in hexadecimal, which allows an attacker to jump the model's built-in security guardrails ... Read more
-
Dark Reading
Mozilla: ChatGPT Can Be Manipulated Using Hex Code
Source: Igor Stevanovic via Alamy Stock PhotoA new prompt-injection technique could allow anyone to bypass the safety guardrails in OpenAI's most advanced language learning model (LLM).GPT-4o, release ... Read more
-
Cybersecurity News
Cybercriminals Evolve Social Engineering Tactics, Exploit CVE-2022-26923 in Sophisticated Campaign
Credential harvester prompt spawned by `AntiSpam.exe | Image: Rapid7 Recently, cybersecurity firm Rapid7 identified a series of sophisticated intrusion attempts linked to an ongoing social engineering ... Read more
-
tripwire.com
VERT Threat Alert: August 2024 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s August 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1119 as soon as coverage is completed.CVE ... Read more
-
Cybersecurity News
CVE-2024-5290: Wi-Fi Flaw Leaves Millions Vulnerable to Root Takeover
Security researchers have uncovered a critical vulnerability in wpa_supplicant, a ubiquitous software component responsible for managing Wi-Fi connections on countless devices. The flaw, dubbed CVE-20 ... Read more
-
Cybersecurity News
Cisco Warns of Public PoC Exploit Code of Critical CVE-2024-20419 (CVSS 10) Flaw
Cisco has recently updated its security advisory, alerting users to a critical vulnerability identified as CVE-2024-20419. This flaw affects the Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem ... Read more
-
Cybersecurity News
Apache CloudStack Releases Critical Patches (CVE-2024-42062 and CVE-2024-42222)
The Apache CloudStack project has issued an urgent security advisory, urging users to update their software immediately to address two critical vulnerabilities, CVE-2024-42062 and CVE-2024-42222. Thes ... Read more
-
The Cyber Express
Weekly Vulnerability Report: Cyble Urges Fixes in ServiceNow, Outlook, Docker Engine
Cyble Research & Intelligence Labs (CRIL) researchers investigated 22 security vulnerabilities this week, plus industrial control system (ICS) vulnerabilities and dark web exploits, to help us arrive ... Read more
-
Cyber Security News
Weekly Cyber Security News Letter – Data Breaches, Vulnerability, Cyber Attack & More
The essential intelligence briefing for the security community is accomplished through the weekly cybersecurity newsletter. As it discusses a range of things including new strains of malware, advanced ... Read more
-
TheCyberThrone
Spring Cloud Dataflow Vulnerability -CVE-2024-37084
A critical vulnerability has been identified in Spring Cloud Data Flow, a popular microservices-based streaming and batch data processing platform used in Cloud Foundry and Kubernetes environments.Thi ... Read more
-
TheCyberThrone
Docker fixes Critical Vulnerability -CVE-2024-41110
Docker has released an urgent security advisory that has fixes for a critical vulnerability in certain versions of Docker Engine that allows attackers to bypass authorization plugins.The vulnerability ... Read more
-
TheCyberThrone
SIEMENS Fixes Several Vulnerabilities in SICAM Products
Siemens has released critical security advisory for its SICAM products vulnerabilities that could lead to unauthorized access and data leaks. The affected products include the SICAM A8000 RTUs, SICAM ... Read more
-
Help Net Security
Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially crafted API request, allowing them to perform unaut ... Read more
-
The Hacker News
Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins
Container Security / Vulnerability Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specifi ... Read more
The following table lists the changes that have been made to the
CVE-2024-41110 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 Added Reference https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 Added Reference https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 Added Reference https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b Added Reference https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 Added Reference https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 Added Reference https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 Added Reference https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f Added Reference https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 Added Reference https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb Added Reference https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq Added Reference https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html Added Reference https://security.netapp.com/advisory/ntap-20240802-0001/ Added Reference https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin -
CVE Modified by [email protected]
Jul. 30, 2024
Action Type Old Value New Value Changed Description Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it. A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted. Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable. docker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.0, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege. Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it. A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted. Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable. docker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege. -
CVE Received by [email protected]
Jul. 24, 2024
Action Type Old Value New Value Added Description Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it. A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted. Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable. docker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.0, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege. Added Reference GitHub, Inc. https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq [No types assigned] Added Reference GitHub, Inc. https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 [No types assigned] Added Reference GitHub, Inc. https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 [No types assigned] Added Reference GitHub, Inc. https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 [No types assigned] Added Reference GitHub, Inc. https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b [No types assigned] Added Reference GitHub, Inc. https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 [No types assigned] Added Reference GitHub, Inc. https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 [No types assigned] Added Reference GitHub, Inc. https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 [No types assigned] Added Reference GitHub, Inc. https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f [No types assigned] Added Reference GitHub, Inc. https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 [No types assigned] Added Reference GitHub, Inc. https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb [No types assigned] Added Reference GitHub, Inc. https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin [No types assigned] Added CWE GitHub, Inc. CWE-444 Added CWE GitHub, Inc. CWE-187 Added CWE GitHub, Inc. CWE-863 Added CVSS V3.1 GitHub, Inc. AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-41110 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-41110
weaknesses.