HomeVulnerabilityDocker re-fixes a crucial authorization bypass vulnerability

Docker re-fixes a crucial authorization bypass vulnerability

“An attacker may exploit a bypass utilizing an API request with Content material-Size set to 0, inflicting the Docker daemon to ahead the request with out the physique to the AuthZ plugin, which could approve the request incorrectly,” Docker mentioned within the advisory.

The AuthZ plugin would have in any other case denied the request if the physique had been forwarded to it, the corporate added.

Low exploitability

The vulnerability was initially fastened in a January 2019 rollout, Docker Engine v18.09.1. Nevertheless, subsequent rollouts together with Docker Engine v19.03 and newer variations didn’t embrace the repair, resulting in regression.

See also  Vital NVIDIA Container Toolkit Vulnerability Might Grant Full Host Entry to Attackers
- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular