“An attacker may exploit a bypass utilizing an API request with Content material-Size set to 0, inflicting the Docker daemon to ahead the request with out the physique to the AuthZ plugin, which could approve the request incorrectly,” Docker mentioned within the advisory.
The AuthZ plugin would have in any other case denied the request if the physique had been forwarded to it, the corporate added.
Low exploitability
The vulnerability was initially fastened in a January 2019 rollout, Docker Engine v18.09.1. Nevertheless, subsequent rollouts together with Docker Engine v19.03 and newer variations didn’t embrace the repair, resulting in regression.