“An attacker could exploit an API request with a Content-Length set to 0, causing the Docker daemon to forward the request without the body to the AuthZ plugin, which could incorrectly authenticate the request,” Docker said in an advisory.
The AuthZ plugin would not have rejected the request if the body had been passed to it, the company added.
Low exploitation
The vulnerability was initially fixed in the January 2019 release, Docker Engine v18.09.1. However, subsequent releases including Docker Engine v19.03 and newer versions did not include the fix, resulting in a regression.
Source link