CVE-2024-41110: Authz zero length regression
A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions, and provides remediation steps for impacted users.
References
- github.com/advisories/GHSA-v23v-6jw2-98fq
- github.com/moby/moby
- github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191
- github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76
- github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919
- github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b
- github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0
- github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1
- github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00
- github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f
- github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801
- github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb
- github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq
- nvd.nist.gov/vuln/detail/CVE-2024-41110
- www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin