Auth bypass in Moby
CVE-2024-41110
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under sp…
EPSS: 0.033 (87.5th percentile).
CVSS v3 metric
CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Moby, versions >= 19.03.0, <= 19.03.15; >= 20.0.0, <= 20.10.27; >= 23.0.0, <= 23.0.14
Weakness classification (CWE)
Public proof-of-concept exploits
References
- https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq (x_refsource_CONFIRM)
- https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 (x_refsource_MISC)
- https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 (x_refsource_MISC)
- https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 (x_refsource_MISC)
- https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b (x_refsource_MISC)
- https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 (x_refsource_MISC)
- https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 (x_refsource_MISC)
- https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 (x_refsource_MISC)
- https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f (x_refsource_MISC)
- https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2024-41110?
  - CVE-2024-41110 is a critical-severity vulnerability in Moby, classified under Partial String Comparison. CVSS score: 10.0/10. Published 2024-07-24.
- How severe is CVE-2024-41110?
  - Critical severity. CVSS v3 base score is 10.0 out of 10.
- Is CVE-2024-41110 known to be exploited?
  - 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.