Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances.

The flaw was initially discovered and fixed in Docker Engine v18.09.1, released in January 2019, but for some reason, the fix wasn’t carried forward in later versions, so the flaw resurfaced.

This dangerous regression was identified only in April 2024, and patches were eventually released today for all supported Docker Engine versions.

Read more from the source below.

Source: bleepingcomputer.com