Summary: Two recently disclosed vulnerabilities in Docker, tracked as CVE-2024-29018 and CVE-2024-41110, pose critical security risks that could allow attackers to exfiltrate sensitive data or bypass authorization controls. Both require prompt patching and mitigation in environments that run Docker.
The first issue, CVE-2024-29018, was uncovered by security researcher Yair Zak and involves unexpected behavior in Docker's handling of DNS requests on internal networks. Containers attached to an internal network should be isolated and unable to communicate with external networks. However, because of the way dockerd (the Docker daemon) handled them, DNS requests from such containers could be routed inappropriately and forwarded to external nameservers.
The vulnerability therefore lets a container circumvent the expected network isolation by encoding data in DNS queries. An attacker who controls the nameserver that receives those forwarded queries could capture confidential data carried in them.
Action Required: Moby, the upstream project behind Docker Engine, has released patched versions 26.0.0, 25.0.4, and 23.0.11. Docker users should upgrade to one of these versions immediately. Where upgrading is not possible, reconfigure DNS settings so that containers on internal networks do not use an external DNS resolver.
The second issue, CVE-2024-41110, was discovered by Cory Snider and affects Docker Engine's authorization (AuthZ) plugin mechanism. An attacker can cause the daemon to forward an API request to the plugin without the request body, which normally carries the elements the authorization plugin relies on for its security checks.
Because the plugin may then approve a request it cannot fully inspect, this loophole can lead to unauthorized actions and weakens the security posture of Docker environments. Notably, Docker Engine v18.09.1 had fixed a similar issue in 2019, but the fix was not carried forward into subsequent versions, reintroducing the risk.
Action Required: Docker has patched this vulnerability in releases starting from docker-ce v27.1.1, and users should update their Docker installations to these versions. As an interim measure, limit the use of AuthZ plugins and restrict Docker API access to trusted entities only.
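The failure mode behind CVE-2024-41110 is a policy that only denies what it can see in the request body, so a body-less request sails through. The following Go sketch (an added example, not Docker's or any plugin's code; the request field names are assumed from the authz plugin protocol and the container-create payload is constructed) places that fail-open policy beside one that fails closed when a body-bearing endpoint arrives with no body to inspect.

```go
package main

import (
	"encoding/json"
	"strings"
)

// AuthZRequest holds the fields an authz plugin inspects (names assumed from the
// Docker plugin protocol; the real request also carries user and headers).
type AuthZRequest struct {
	RequestMethod string
	RequestURI    string
	RequestBody   []byte
}

// containerCreate is the slice of the container-create payload this policy inspects.
type containerCreate struct {
	HostConfig struct {
		Privileged bool `json:"Privileged"`
	} `json:"HostConfig"`
}

// needsBody reports whether the endpoint's security-relevant options live in the body.
func needsBody(r AuthZRequest) bool {
	return r.RequestMethod == "POST" && strings.Contains(r.RequestURI, "/containers/create")
}

// privilegedRequested is false for an empty or unparseable body: the weak policy's fail-open point.
func privilegedRequested(body []byte) bool {
	var cc containerCreate
	if err := json.Unmarshal(body, &cc); err != nil {
		return false
	}
	return cc.HostConfig.Privileged
}

// weakAuthorize only denies what it can see: a request forwarded with its body
// stripped is approved, the failure mode the advisory describes.
func weakAuthorize(r AuthZRequest) bool {
	return !privilegedRequested(r.RequestBody)
}

// hardenedAuthorize fails closed: a body-bearing endpoint arriving with no body
// to inspect is denied instead of approved.
func hardenedAuthorize(r AuthZRequest) bool {
	if needsBody(r) && len(r.RequestBody) == 0 {
		return false
	}
	return !privilegedRequested(r.RequestBody)
}
```

The same fail-closed rule belongs in any AuthZ plugin that keys decisions on body content, independent of the daemon-side fix.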
Addressing these vulnerabilities promptly is crucial to maintaining the integrity and security of Docker environments. Applying security updates as they are released, monitoring continuously, and following security best practices remain the most effective ways to mitigate the associated risks.