API Security Blog

CVE-2024-41110: Once Again, Docker Addresses API Vulnerability That Can Bypass Auth Plugins

Summary

A significant vulnerability (CVE-2024-41110) was recently discovered in Docker Engine version 18.09.1. Although the issue was identified and fixed in 2019, the patch did not apply to other major versions, resulting in a regression. The vulnerability was assigned a CVSS score of 10 (critical).

Details About The Vulnerability

Users with access to the Docker daemon can execute any Docker command. To enhance access control, Docker utilizes advanced authorization plugins like AuthZ. The AuthZ plugin is responsible for approving or denying requests to the Docker daemon based on authentication and the command context. However, security researchers have identified a vulnerability that allows bypassing the AuthZ plugin, leading to privilege escalation. The flaw occurs when an HTTP request with a Content-Length header set to '0' is sent, which causes the request to be forwarded to the AuthZ plugin without its body, leading to the acceptance of requests that would ideally have been denied!

Basic Architecture Of Access Authorization Plugins

Docker's default authorization model operates on an all-or-nothing basis. Any user who has access to the Docker daemon can execute any Docker client command. The same applies to callers using Docker's Engine API. For more granular access control, you can create and integrate authorization plugins into your Docker daemon configuration. With these plugins, a Docker administrator can set up detailed access policies to manage permissions for…

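Why a body-less forward ends in approval, shown from the plugin's side: this is an added example, not code from the blog or from Docker. The `AuthZRequest` struct, the sample "no privileged containers" policy, the list of endpoints that must carry a body and the request values are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// AuthZRequest is a simplified, hypothetical model of what the daemon hands
// to an authorization plugin; the field names are assumptions for this example.
type AuthZRequest struct {
	Method, URI string
	Body        []byte
}

// Assumption: endpoints whose legitimate requests always carry a JSON body.
var bodyRequired = regexp.MustCompile(`^(/v[0-9.]+)?/containers/create(\?.*)?$`)

// createBody picks out the one field this sample policy cares about.
type createBody struct {
	HostConfig struct{ Privileged bool }
}

// naiveAllow inspects the body only if one arrived, so a request forwarded
// without its body gives the policy nothing to object to and is approved.
func naiveAllow(r AuthZRequest) bool {
	var b createBody
	if len(r.Body) > 0 && json.Unmarshal(r.Body, &b) != nil {
		return false
	}
	return !b.HostConfig.Privileged
}

// hardenedAllow fails closed: a missing or unparseable body on an endpoint
// that requires one is denied instead of being treated as harmless.
func hardenedAllow(r AuthZRequest) bool {
	if r.Method == "POST" && bodyRequired.MatchString(r.URI) {
		var b createBody
		if len(r.Body) == 0 || json.Unmarshal(r.Body, &b) != nil {
			return false
		}
		return !b.HostConfig.Privileged
	}
	return true // other endpoints are out of scope for this sample policy
}

func main() {
	stripped := AuthZRequest{"POST", "/v1.45/containers/create", nil} // constructed input
	fmt.Println("naive:", naiveAllow(stripped), "hardened:", hardenedAllow(stripped))
}
```

A fail-closed plugin limits the damage but does not replace upgrading to a Docker Engine release that carries the fix.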