CVE-2024-41110
cAdvisor vulnerability analysis and mitigation

Overview

CVE-2024-41110 is a critical security vulnerability in Docker Engine that allows an attacker to bypass authorization plugins (AuthZ) under specific circumstances. It affects Docker Engine versions through v19.03.15, v20.10.27, v23.0.14, v24.0.9, v25.0.5, v26.0.2, v26.1.4, v27.0.3, and v27.1.0. The issue was originally fixed in Docker Engine v18.09.1 in January 2019, but the fix was not carried forward to later major versions, resulting in a regression that was identified in April 2024 (Docker Blog, GitHub Advisory).

Technical details

The vulnerability arises from a condition in which an Engine API client can make the daemon forward a request or response to the authorization plugin without its body, by sending a specially crafted API request with Content-Length set to 0. Because the plugin never sees the body, an authorization plugin that bases its decision on the body's contents may allow a request that it would have denied had the body been forwarded. The vulnerability has been assigned a CVSS v3.1 base score of 9.9 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (GitHub Advisory).

Impact

Successful exploitation of this vulnerability could lead to unauthorized actions, including privilege escalation. The impact is particularly significant for users who depend on authorization plugins that introspect the request and/or response body to make access control decisions. For Docker Desktop users, the impact is limited as exploitation requires access to the Docker API, and privilege escalation is confined to the Docker Desktop VM rather than the underlying host (Docker Blog).

Mitigation and workarounds

Docker has released patches to fix the vulnerability in docker-ce v27.1.1 and has merged fixes into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. For users unable to update immediately, recommended mitigations include avoiding the use of AuthZ plugins and restricting access to the Docker API to trusted parties, following the principle of least privilege. Docker Desktop users should update to version 4.33 or later, which includes the patched version of Docker Engine (Docker Blog, GitHub Advisory).
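To make the mechanism in the technical details concrete, and to show the fail-closed check a plugin author would want alongside the engine update, here is an added Python model of an AuthZ plugin's AuthZReq decision. It is not Docker's code or any real plugin; the request shape follows Docker's documented AuthZ plugin API (User, RequestMethod, RequestUri, RequestHeaders, RequestBody, with Allow/Msg in the response), and the user name, endpoint list and container specs are constructed for the example.

```python
import base64
import json
import re

# Constructed model of the JSON the daemon POSTs to /AuthZPlugin.AuthZReq;
# field names follow Docker's documented AuthZ plugin API (assumption).
def make_authz_request(method, uri, body):
    return {
        "User": "alice",
        "UserAuthNMethod": "TLS",
        "RequestMethod": method,
        "RequestUri": uri,
        "RequestHeaders": {"Content-Length": str(len(body or b""))},
        # Go marshals []byte as base64; a body that was never forwarded
        # reaches the plugin as an empty string.
        "RequestBody": base64.b64encode(body).decode() if body else "",
    }

def body_requests_privileged(body_b64):
    """True if the decoded container spec asks for HostConfig.Privileged."""
    if not body_b64:
        return False
    spec = json.loads(base64.b64decode(body_b64))
    return bool(spec.get("HostConfig", {}).get("Privileged"))

def authz_req_naive(req):
    """Body-introspecting policy that treats a missing body as harmless:
    this is the pattern CVE-2024-41110 defeats, because a client sending
    Content-Length: 0 makes the daemon forward no body at all."""
    if body_requests_privileged(req["RequestBody"]):
        return {"Allow": False, "Msg": "privileged containers are denied"}
    return {"Allow": True}

# Endpoints whose policy decision depends on the request body (constructed).
BODY_REQUIRED = {("POST", "/containers/create")}

def authz_req_hardened(req):
    """Fail closed: if the decision needs a body and none was forwarded,
    deny instead of defaulting to allow. This is defence in depth only;
    the actual fix is the patched Engine release."""
    path = re.sub(r"^/v\d+\.\d+", "", req["RequestUri"].split("?", 1)[0])
    if (req["RequestMethod"], path) in BODY_REQUIRED and not req["RequestBody"]:
        return {"Allow": False, "Msg": "request body missing for " + path}
    return authz_req_naive(req)

PRIV = json.dumps({"Image": "alpine", "HostConfig": {"Privileged": True}}).encode()
PLAIN = json.dumps({"Image": "alpine"}).encode()
```

The naive policy allows a body-less container create that the same policy would deny with the body present; the hardened policy denies it while still permitting a benign create and a GET that carries no body.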

This report was generated using AI.
