A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via a specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation.

About CVE-2024-41110

CVE-2024-41110 is a vulnerability that can be exploited remotely, without any user interaction, and with low attack complexity. “An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request …
The post Docker fixes critical auth bypass flaw, again (CVE-2024-41110) appeared first on Help Net Security.