CVERadar

CVE-2024-41110

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.01684/1

CVE-2024-41110 is a security vulnerability in Docker Engine that allows attackers to bypass authorization plugins (AuthZ) under specific circumstances, potentially leading to unauthorized actions. This vulnerability involves a specially-crafted API request that can cause the Docker daemon to forward requests or responses to an authorization plugin without the body. While a similar issue was fixed in Docker Engine v18.09.1, the fix wasn't carried forward to later major versions, causing a regression.

The SVRS score of 30 indicates a low level of immediate threat: although exploits are available, the vulnerability has a lower likelihood of being exploited in general, so it does not necessitate an immediate fix. If you rely on AuthZ plugins that inspect the request/response body for access control, you are potentially at risk. While Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable, users of affected Docker versions should upgrade to docker-ce v27.1.1 or later. Mitigation strategies include avoiding AuthZ plugins and restricting access to the Docker API to trusted parties, following the principle of least privilege.

In The Wild
Exploit Available
2024-07-24

2024-07-30

SOCRadar AI Insight

Description

CVE-2024-41110 is a security vulnerability in Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. However, the SVRS of 34 indicates that this vulnerability is still a moderate risk and should be addressed promptly.

Key Insights

  • Authorization Bypass: This vulnerability allows an attacker to bypass authorization plugins, which could lead to unauthorized actions, including privilege escalation.
  • Regression: This vulnerability was previously fixed in Docker Engine v18.09.1 but was reintroduced in later major versions.
  • Active Exploits: Exploits for this vulnerability have been published, making it a high-priority threat.

Mitigation Strategies

  • Upgrade Docker Engine: Upgrade to Docker Engine v27.1.1 or later to patch the vulnerability.
  • Disable AuthZ Plugins: If you are unable to upgrade immediately, disable AuthZ plugins or restrict access to the Docker API to trusted parties.
  • Follow Least Privilege: Implement the principle of least privilege to limit the potential impact of an attack.

Additional Information

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
  • In The Wild: This vulnerability is actively exploited by hackers.


Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
secsaburo/CVE-2024-41110- | https://github.com/secsaburo/CVE-2024-41110- | 2024-07-26

News

USN-7161-3: Docker vulnerability
2025-04-16
USN-7161-1 and USN-7161-2 fixed CVE-2024-41110 for source package docker.io in Ubuntu 18.04 LTS and for source package docker.io-app in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. This update fixes it for source package docker.io in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. These updates only address the docker library and not the docker.io application itself, which was already patched in the previous USNs (USN-7161-1 and USN-7161-2). Original advisory details: Yair Zak discovered that Docker
ubuntu.com
USN-7161-2: Docker vulnerabilities
2025-02-18
USN-7161-1 fixed CVE-2024-29018 in Ubuntu 24.04 LTS. This update fixes it in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. USN-7161-1 fixed CVE-2024-41110 in Ubuntu 24.10, Ubuntu 24.04 LTS, and Ubuntu 18.04 LTS. This update fixes it in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Original advisory details: Yair Zak discovered that Docker could unexpectedly forward DNS requests from internal networks in an unexpected manner. An attacker could possibly use this issue to exfiltrate data by encoding information in DNS queries to controlled nameservers. This issue was only
ubuntu.com
Cybersecurity Weekly Brief: Latest on Attacks, Vulnerabilities, & Data Breaches
Guru Baran, 2025-02-09
Welcome to this week’s Cybersecurity Newsletter, which provides the latest updates and key insights from the ever-evolving field of cybersecurity. In the current fast-paced digital landscape, it is essential to remain informed. Our objective is to deliver the most pertinent information that will assist you in effectively navigating these challenges. This edition focuses on emerging […]
cybersecuritynews.com
A wolf in DOGE’s clothing? - The CyberWire
2025-02-04
News Content: DOGE’s unchecked access to federal networks sparks major cybersecurity fears. Senator Hawley’s AI ban targets China and raises free speech concerns. Apple service ticket portal vulnerability exposed millions of users’ data. North Korean ‘FlexibleFerret’ malware targets macOS via job scams and fake Zoom apps. February 2025 Android security update fixes 48 vulnerabilities, including exploited zero-day. Grubhub data breach exposes customer and driver information. Abandoned cloud infrastructure creates major security risks. Texas to launch its own Cyber Command amid rising cyber threats. Dell PowerProtect vulnerabilities pose critical security
google.com
USN-7161-1: Docker vulnerabilities
2024-12-16
Yair Zak discovered that Docker could unexpectedly forward DNS requests from internal networks in an unexpected manner. An attacker could possibly use this issue to exfiltrate data by encoding information in DNS queries to controlled nameservers. This issue was only addressed in Ubuntu 24.04 LTS. (CVE-2024-29018) Cory Snider discovered that Docker did not properly handle authorization plugin request processing. An attacker could possibly use this issue to bypass authorization controls by forwarding API requests without their full body, leading to unauthorized actions. (CVE-2024-41110)
ubuntu.com
CVE-2024-41110 | Docker Engine/moby AuthZ partial string comparison (GHSA-v23v-6jw2-98fq / Nessus ID 208930)
vuldb.com, 2024-10-14
A vulnerability was found in Docker Engine and moby. It has been classified as very critical. Affected is an unknown function of the component AuthZ. The manipulation leads to partial string comparison. This vulnerability is traded as CVE-2024-41110. It is possible to launch the attack remotely
FOCUS FRIDAY: MANAGING THIRD-PARTY RISKS FROM DAHUA IP CAMERA, SONICWALL FIREWALL, AND WPML, FILECATALYST WORKFLOW VULNERABILITIES WITH BLACK KITE’S FOCUSTAGS™
Ferdi Gül, 2024-08-30
Written By: Ferdi Gül. Contributor: Ferhat Dikbiyik. Welcome to this week’s Focus Friday, where we dive into the latest high-profile cybersecurity incidents impacting third-party risk management (TPRM). In today’s blog, we explore critical vulnerabilities in Dahua IP Cameras, SonicWall Firewalls, WPML plugin for WordPress, and Fortra’s FileCatalyst Workflow. These vulnerabilities present significant risks to organizations relying […]
cve-2024-39949
cve-2024-39948
cve-2024-39932
cve-2021-34473

Social Media

This addresses the following vulnerabilities: CVE-2024-41110 CVE-2024-28180 CVE-2024-24790 CVE-2024-24789 CVE-2023-4039 CVE-2022-27943 CVE-2019-1010025 CVE-2019-1010024 CVE-2019-1010023 CVE-2019-1010022 CVE-2019-9192 CVE-2018-20796 CVE-2012-2663 CVE-2010-4756 N/A Security 5/6
#Vulnerability #AuthZPlugin Docker Users Beware: CVE-2024-41110 (CVSS 10) Could Lead to System Takeover https://t.co/lVlHGsD18Q
Docker fixes critical auth bypass flaw, again (CVE-2024-41110) | #HelpNetSecurity #CyberSecurity https://t.co/qm77GKOaM5
Actively exploited CVE ID, source in the thread (generated, not vetted) CVE-2024-41110
Docker fixes critical auth bypass flaw, again (CVE-2024-41110) - Help Net Security https://t.co/MMcC89SbGv via @GoogleNews
Docker alert! 🚨 A critical flaw in Docker Engine (CVE-2024-41110) makes it possible to get around authorization plugins. All it takes is an API with a zeroed "Content-Length" to slip right through!
CVE-2024-41110 : Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins "An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the AuthZ plugin.
Docker fixes critical auth bypass flaw, again (CVE-2024-41110) https://t.co/gCEwggujwX
🚨 Critical Vulnerability in Docker Engine Leads to Authorization Bypass A severe vulnerability (CVE-2024-41110) in Docker Engine allows attackers to bypass authorization plugins, with a CVSS score of 10.0. Here is what you need to know: 🧵 https://t.co/LBa4SUpcpX
Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018: The vulnerability, tagged as CVE-2024-41110 with a CVSS severity score of 10/10, was originally found and fixed in 2018. The post Docker Patches Critical AuthZ Plugin Bypass… https://t.co/15JmeMLo4z https://t.co/uTRHQrm08a

Affected Software

No affected software found for this CVE

References

  • https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191
  • https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76
  • https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919
  • https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b
  • https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0
  • https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1
  • https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00
  • https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f
  • https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801
  • https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb
  • https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq
  • https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin

CWE Details

CWE ID | CWE Name | Description
CWE-863 | Incorrect Authorization | The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') | When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to smuggle a request to one device without the other device being aware of it.
CWE-187 | Partial String Comparison | The software performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.
