Zeitpunkt Nutzer Delta Tröts TNR Titel Version maxTL Mi 24.07.2024 00:01:07 61.956 0 3.574.077 57,7 Fosstodon 4.2.10 500 Di 23.07.2024 00:00:03 61.956 -3 3.570.705 57,6 Fosstodon 4.2.10 500 Mo 22.07.2024 00:01:10 61.959 +1 3.567.825 57,6 Fosstodon 4.2.10 500 So 21.07.2024 00:01:07 61.958 +1 3.564.861 57,5 Fosstodon 4.2.10 500 Sa 20.07.2024 00:01:10 61.957 +1 3.561.604 57,5 Fosstodon 4.2.10 500 Fr 19.07.2024 13:57:34 61.956 -1 3.558.474 57,4 Fosstodon 4.2.10 500 Do 18.07.2024 00:00:27 61.957 +1 3.553.476 57,4 Fosstodon 4.2.10 500 Mi 17.07.2024 00:01:10 61.956 -1 3.550.157 57,3 Fosstodon 4.2.10 500 Di 16.07.2024 00:00:36 61.957 +6 3.547.999 57,3 Fosstodon 4.2.10 500 Mo 15.07.2024 00:00:01 61.951 0 3.544.794 57,2 Fosstodon 4.2.10 500
Brandon Mitchell (@bmitch) · 11/2022 · Tröts: 546 · Folger: 258
Mi 24.07.2024 00:44
There's a new #Docker release fixing a #CVE (CVE-2024-41110) with a CVSS score of 10. That sounds bad, but this is likely a non-event for 99% of the installs, because the vulnerability is in the AuthZ plugin interface.
In all my installs, I don't think I've seen a single one using AuthZ plugins for security. Instead they treat access to the docker socket as full access to the user running the dockerd daemon.
https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
[Öffentlich] Antw.: 0 Wtrl.: 0 Fav.: 0