Docker Users Beware: CVE-2024-41110 (CVSS 10) Could Lead to System Takeover


Docker has issued a security advisory for a critical vulnerability affecting certain versions of Docker Engine. This vulnerability, identified as CVE-2024-41110, has a CVSS score of 10, indicating a critical severity. The issue allows attackers to bypass authorization plugins (AuthZ) under specific circumstances, potentially leading to unauthorized actions, including privilege escalation. While the base likelihood of exploitation is low, the impact could be significant, prompting immediate attention from Docker users.

The vulnerability enables malicious actors to bypass authorization plugins (AuthZ) under certain conditions. AuthZ plugins are designed to enforce granular access controls within the Docker Engine environment. However, the regression allows attackers to craft API requests that circumvent these checks, potentially granting them unauthorized permissions.

The CVE-2024-41110 vulnerability affects Docker Engine versions 19.03.x and later, specifically those configured to use AuthZ plugins. Users not employing AuthZ plugins, or those running older Docker Engine versions, are not susceptible.

While the likelihood of exploitation is deemed low, the potential impact is significant, especially in production environments where Docker Engine plays a crucial role in container orchestration and deployment.

The impact on Docker Desktop, a popular development tool, is less severe. Exploitation requires access to the Docker API, typically necessitating local access to the machine unless the daemon is insecurely configured. Furthermore, Docker Desktop’s default configuration does not include AuthZ plugins. However, Docker recommends updating to version 4.33, which will contain a patched version of Docker Engine.

Docker strongly advises all affected users to take immediate action:

  1. Update Docker Engine: Update to the latest patched version of Docker Engine as soon as possible.
  2. Mitigation: If an immediate update is not feasible, disable AuthZ plugins temporarily and restrict access to the Docker API.
  3. Update Docker Desktop: Update to Docker Desktop version 4.33 upon release.
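The two conditions the advisory ties to exposure are easy to read straight out of the daemon configuration: an AuthZ plugin is configured (`authorization-plugins`), and the API is reachable beyond the local Unix socket (`hosts` entries using `tcp://`, especially without `tlsverify`). The following script is an added example, not code from Docker or from this advisory; it assesses a daemon.json and applies the interim mitigation from step 2 by removing the plugin list and the TCP listeners. The sample configuration and the plugin name are constructed, and the script is a triage aid only; updating Docker Engine remains the actual fix.

```python
import json
from typing import Any, Dict, List

# Constructed sample daemon.json (not taken from the advisory): an AuthZ plugin is
# configured and the Engine API also listens on a plain TCP socket.
SAMPLE_DAEMON_JSON = """
{
  "authorization-plugins": ["example-authz-plugin:latest"],
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
  "log-driver": "json-file"
}
"""


def assess_daemon_config(config_text: str) -> Dict[str, Any]:
    """Return a triage summary for CVE-2024-41110 based on daemon.json contents.

    The advisory states that only daemons using AuthZ plugins are susceptible, so
    'susceptible' follows the presence of 'authorization-plugins'. A TCP listener
    without tlsverify widens who can reach the API and is reported separately.
    """
    cfg = json.loads(config_text)
    plugins: List[str] = list(cfg.get("authorization-plugins", []))
    hosts: List[str] = list(cfg.get("hosts", []))
    tcp_listeners = [h for h in hosts if h.startswith("tcp://")]
    tls_verify = bool(cfg.get("tlsverify", False))

    findings: List[str] = []
    if plugins:
        findings.append("authz-plugins-enabled")
    if tcp_listeners and not tls_verify:
        findings.append("api-exposed-over-tcp-without-tls")

    return {
        "authz_plugins": plugins,
        "hosts": hosts,
        "tcp_listeners": tcp_listeners,
        "tls_verify": tls_verify,
        "susceptible": bool(plugins),
        "findings": findings,
    }


def harden_config(config_text: str) -> str:
    """Apply the advisory's interim mitigation and return the new daemon.json text.

    Removes 'authorization-plugins' (temporarily disabling AuthZ) and drops all
    tcp:// listeners so the API is only reachable via the local Unix socket.
    Every other key is preserved unchanged.
    """
    cfg = json.loads(config_text)
    cfg.pop("authorization-plugins", None)
    if "hosts" in cfg:
        cfg["hosts"] = [h for h in cfg["hosts"] if not h.startswith("tcp://")]
        if not cfg["hosts"]:
            # Never leave the daemon with no listener at all.
            cfg["hosts"] = ["unix:///var/run/docker.sock"]
    return json.dumps(cfg, indent=2)


if __name__ == "__main__":
    before = assess_daemon_config(SAMPLE_DAEMON_JSON)
    print("before:", before["findings"], "susceptible =", before["susceptible"])
    after_text = harden_config(SAMPLE_DAEMON_JSON)
    after = assess_daemon_config(after_text)
    print("after: ", after["findings"], "susceptible =", after["susceptible"])
    print(after_text)
```

Run it against `/etc/docker/daemon.json` on a host by reading the file into `assess_daemon_config`; a result with `susceptible` set is the signal to patch first and, only if patching must wait, to write the `harden_config` output back and restart the daemon. Note that removing the plugin also removes whatever access control it enforced, which is why the advisory frames this as a temporary measure.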
