cve 2024 41110
About this tag
CVE-2024-41110 is a vulnerability in Docker Engine that allows authorization bypass via the AuthZ plugin path. A regression in Moby's authorization code causes the engine to forward API calls to AuthZ plugins without the request body when a client sets a zero Content-Length header. This enables attackers to bypass authorization checks that rely on the request body, potentially leading to unauthorized actions and privilege escalation. The bug was originally fixed in 2019 but the fix was not carried into later release branches. Patches were issued in July 2024. This tag covers discussions on the vulnerability, its impact on environments using authorization plugins, and guidance on patching and mitigation.
A regression in Moby’s authorization path has resurfaced a long‑standing risk: CVE‑2024‑41110 lets the Docker Engine forward API calls to AuthZ plugins without the request body when a client sets a zero Content‑Length, giving an attacker the chance to bypass authorization checks that rely on the...