Critical Bug in Docker Engine Allowed Attackers to Bypass Authorization Plugins
A critical vulnerability in Docker Engine allows attackers to bypass authorization, risking unauthorized access to containers. Organizations are urged to apply patches and enhance security measures to mitigate these risks.
A critical vulnerability in Docker Engine has been identified, allowing attackers to bypass authorization plugins. This flaw poses significant security risks as it enables unauthorized access to Docker containers, potentially leading to data breaches and system compromises. The vulnerability highlights the importance of maintaining robust security measures and timely updates for software applications. Organizations using Docker are advised to implement immediate patches and review their security protocols to mitigate the risks associated with this exploit. The incident underscores the ongoing challenges in cybersecurity, particularly in managing vulnerabilities in widely used software platforms. As cyber threats continue to evolve, it is crucial for companies to remain vigilant and proactive in their security strategies to protect sensitive data and maintain operational integrity.
Related
Apple CocoaPods Bugs Expose Apps to Code Injection
Millions of Apple apps face code injection risks from critical vulnerabilities in CocoaPods. E.V.A Information Security discovered three major flaws, including remote code execution. Developers are urged to address vulnerabilities promptly.
Remote Unauthenticated Code Execution in OpenSSH Server
Qualys found regreSSHion, a critical RCE flaw in OpenSSH on glibc-based Linux systems. Over 14 million servers are at risk, with potential root access. Qualys created an exploit but delays release for patching.
3M iOS and macOS apps were exposed to potent supply-chain attacks
Vulnerabilities in CocoaPods server exposed 3 million apps to supply-chain attacks for a decade. Flaws allowed hackers to inject malicious code, compromising sensitive user data. Developers urged to prioritize security measures.
'Almost every Apple device' vulnerable to CocoaPods
Security researchers found vulnerabilities in CocoaPods, allowing malicious code insertion and remote code execution. Pod owners were at risk of a zero-click takeover. CocoaPods issued patches, emphasizing the need for secure software development practices.
Threat actors quick to weaponize PoC exploits; 6.8% of all internet traffic DDoS
Hackers exploit PoC exploits within 22 minutes of release, leaving little time for defense. Cloudflare advises using AI for quick detection rules. DDoS attacks contribute to 6.8% of daily internet traffic, rising to 12% during major events.
https://developers.redhat.com/blog/2020/09/25/rootless-conta...
I would assume (many/most) users who run docker directly run it without api access on the network (i.e. on a single host).
Even those that do want network deployments of docker probably run it through something like k8s, where again kubernetes is handling the networking side (and each dockerd doesn't need to expose a network accessible api).
Just wondering the use case for this.
Without further information, this sounds like code introduced in a hotfix that wasn't merged back to feature branches.
Surely it's not that simple?