Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Docker Engine
Alerts

Critical Vulnerability in Docker Engine

30 July 2024

Docker has released security updates addressing a critical vulnerability (CVE-2024-41110) in their Docker Engine application. The vulnerability has a maximum Common Vulnerability Scoring System (CVSSv3) score of 10 out of 10.

Successful exploitation of the vulnerability could allow attackers to bypass authorisation plugins, potentially resulting in unauthorised actions, including privilege escalation.

The vulnerability affects the following Docker Engine versions:

  • <= v19.03.15

  • <= v20.10.27

  • <= v23.0.14

  • <= v24.0.9

  • <= v25.0.5

  • <= v26.0.2

  • <= v26.1.4

  • <= v27.0.3

  • <= v27.1.0

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:

https://nvd.nist.gov/vuln/detail/CVE-2024-41110

https://securityaffairs.com/166160/hacking/docker-engine-critical-flaw.html?utm_source=tldrinfosec

https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/