Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2024-41110 #3005

Closed
GoVulnBot opened this issue Jul 24, 2024 · 2 comments
Closed

x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2024-41110 #3005

GoVulnBot opened this issue Jul 24, 2024 · 2 comments

Comments

@GoVulnBot
Copy link

Advisory CVE-2024-41110 references a vulnerability in the following Go modules:

Module
github.com/moby/moby

Description:
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.

Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had bee...

References:

Cross references:

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/moby/moby
      vulnerable_at: 27.1.1+incompatible
summary: CVE-2024-41110 in github.com/moby/moby
cves:
    - CVE-2024-41110
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-41110
    - fix: https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191
    - fix: https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76
    - fix: https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919
    - fix: https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b
    - fix: https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0
    - fix: https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1
    - fix: https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00
    - fix: https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f
    - fix: https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801
    - fix: https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb
    - web: https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq
    - web: https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin
source:
    id: CVE-2024-41110
    created: 2024-07-24T18:01:20.423262654Z
review_status: UNREVIEWED

@jiridudekusy
Copy link

jiridudekusy commented Jul 27, 2024

Please add this vulnerability to the database.

@tatianab tatianab self-assigned this Jul 29, 2024
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/601387 mentions this issue: data/reports: add GO-2024-3005

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

5 participants