CVE-2024-41110 - Vulnerability Patching Notice - Docker AuthZ Bypass
Vulnerability Title | AuthZ Plugin Bypass Regression in Docker Engine | |
---|---|---|
CVE Number | CVE-2024-41110 | |
CVSS Score (Highest) | 10.0 CRITICAL (From GitHub) | |
UKRI/STFC Criticality Rating | CRITICAL | |
Vulnerability Notification Date | 10/09/2024 | |
Action Completion Date | 24/09/2024 | |
Affected Components | Software components: docker-ce (moby) Affected Versions: | |
Impacted Operating Systems | All Operating Systems running the above software packages are affected. | |
Brief Summary | “Docker’s default authorization model is all-or-nothing. Users with access to the Docker daemon can execute any Docker command. For greater access control, authorization plugins (AuthZ) can be used. These plugins approve or deny requests to the Docker daemon based on authentication and command context. In 2018, a security issue was discovered where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later versions, resulting in a regression.” - https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/ | |
Links to detailed information | Information from the NVD at NIST (US) and Links to patch commits: GitHub Security Advisory: Docker Community Notice: | |
CWE - Common Weakness Enumeration (Category) | http://cwe.mitre.org/data/definitions/863.html | |
Patched Component Versions | Software Component: docker-ce Patched Versions: | |
How do I check if my machine is affected? | Ubuntu 20.04 Focal | Run the following command to check the installed version of If the returned version substring does not match one of the patched versions above, you are affected. |
Ubuntu 22.04 Jammy | Run the following command to check the installed version of If the returned version substring does not match one of the patched versions above, you are affected. | |
Rocky 8 | Run the following command to check the installed version of If the returned version substring does not match one of the patched versions above, you are affected. | |
Rocky 9 | Run the following command to check the installed version of If the returned version substring does not match one of the patched versions above, you are affected. | |
How do I fix my affected machines? | Ubuntu 20.04 Focal | Run the following commands to update all system packages, and reboot the machine to apply the change:
|
Ubuntu 22.04 Jammy | Run the following commands to update all system packages, and reboot the machine to apply the change:
| |
Rocky 8 | Run the following commands to update all system packages, and reboot the machine to apply the change:
| |
Rocky 9 | Run the following commands to update all system packages, and reboot the machine to apply the change:
| |
Do I need to do anything else? | N/A | |
Contact Information | If you have any questions, concerns, or need assistance regarding this vulnerability notice please submit a ticket to cloud-support@stfc.ac.uk, including the name of the vulnerability in the subject line and we’ll get back to you as soon as possible. |