docker

Back Open Paginator
25.07.2024 09:48
83r71n (@83r71n@ioc.exchange)

A critical flaw in Docker Engine, tracked as CVE-2024-41110, allows attackers to bypass authorization plugins under specific conditions. This vulnerability, with a CVSS score of 10.0, indicates maximum severity. It involves exploiting an API request with a Content-Length set to 0, tricking the Docker daemon into forwarding the request without the body to the AuthZ plugin, potentially leading to incorrect approval of the request. This issue was initially discovered in 2018 and fixed in Docker Engine v18.09.1 in January 2019, but it wasn't applied to subsequent versions until recently. Versions affected include those up to v19.03.15, v20.10.27, v23.0.14, v24.0.9, v25.0.5, v26.0.2, v26.1.4, v27.0.3, and v27.1.0, assuming AuthZ is used for access control decisions. Users relying on AuthZ plugins are at risk unless they update to versions 23.0.14 and 27.1.0 released on July 23, 2024. Docker Desktop versions up to 4.32.0 are also affected, though the chance of exploitation is low due to the need for local access to the host and the absence of AuthZ plugins in default configurations. Docker advises updating to the latest version to mitigate potential threats.

docker.com/blog/docker-securit

#cybersecurity #docker #vulnearbility #cve #authz #dockerengine #dockerdesktop #api #plugins #threat #update




Show Original Post


25.07.2024 09:12
habr (@habr@zhub.link)

Как обеспечить масштабируемость проекта со старта и подстроить CI/CD под свои цели? Основано на реальных событиях

Привет, Хабр. На связи Михаил, я бэкенд-разработчик в Clevertec . Моя работа связана с проектом, который начинался с создания личного кабинета клиента и развился в экосистему, растущую вместе с бизнесом. На его примере я расскажу, как можно изменять подход к CI/CD, чтобы не тормозить рост проекта и оптимизировать работу команды.

habr.com/ru/companies/cleverte

#ci #cd #docker #gitflow #микросервисы #непрерывная_интеграция #непрерывная_поставка #масштабирование #gitlab




Show Original Post


25.07.2024 08:01
digitalhuman (@digitalhuman@mastodon.social)

Beveiligingslek in docker engine ontdekt: cve-2024-41110 risicoanalyse trendingtech.news/trending-new #Docker Engine CVE-2024-41110 #AuthZ plugins beveiligingslek #Docker beveiligingsupdate #CVE kwetsbaarheid analyse #Containerisatie veiligheidsrisico's #Trending #News #Nieuws




Show Original Post


25.07.2024 07:27
jackie (@jackie@chaos.social)

Women && Code summer party coming up in Vienna on Aug. 10 at the Angewandte, starting in the early afternoon: meetup.com/womenandcode/events

And before the summer party, the Feminist Linux Meetup will host a free (as in gratis, but also based on F/LOSS) and hybrid (remote participation is possible) Docker Intro workshop from 10 to 14 o'clock. The details for that are here: feminist-linux.diebin.at/2024/

#womenandcode #docker #intro #technofeminism 🏳️‍🌈 ♀️ :trans_flag: :nonbinary_flag: :intersex_flag: 🐧 💪




Show Original Post


25.07.2024 06:42
cslinuxboy (@cslinuxboy@mastodon.social)

I hate the docker tag "latest". It creates more problems than it solves.

#Docker #Containers #Linux #DevOps




Show Original Post


25.07.2024 06:29
cslinuxboy (@cslinuxboy@mastodon.social)

Never run point-zero software versions. Case and point: Grafana's 10.0.0 docker container. It's broken big time. Stay on 9.5.20 .

#Docker #Grafana #GrafanaLabs #Containers




Show Original Post


25.07.2024 01:55
jos1264 (@jos1264@social.skynetcloud.site)

Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018 securityweek.com/docker-patche #Vulnerabilities #CloudSecurity #CVE202441110 #DockerEngine #AuthZbypass #CVSS10 #Docker




Show Original Post


25.07.2024 01:55
jos1264 (@jos1264@social.skynetcloud.site)

Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018 securityweek.com/docker-patche #Vulnerabilities #CloudSecurity #CVE202441110 #DockerEngine #AuthZbypass #CVSS10 #Docker




Show Original Post


25.07.2024 00:30
fred (@fred@m.baldhead.be)

Iemand ervaring met DDEV? Of toch zelf met docker images een dev omgeving opzetten? #ddev #docker




Show Original Post


25.07.2024 00:09
forresttanaka (@forresttanaka@techhub.social)

#Docker, what hast thou wrought?

You can turn off this pico-style menu with —menu. The General settings has a “Show CLI hints” option, but it doesn’t seem to have anything to do with this.

$ docker compose up —menu=false





Show Original Post


24.07.2024 23:55
clonbg (@clonbg@masto.es)

Como ver contenido acestream en Linux myblog.clonbg.es/como-ver-cont #Docker #Media clonbg.es





Show Original Post


24.07.2024 23:45
leanpub (@leanpub@mastodon.social)

New 📚 Release! Ansible DevOps Cookbook: End-to-end automation solutions including setup, playbooks, cloud services, CI/CD integration, and ansible tower management

There are more than 100 recipes that are meant to help you solve problems in the real world.

Find it on Leanpub!

#ansible #docker #Jenkins #DevOps #Git #programming #networking #ebooks #books





Show Original Post


1 2 3 4 5 6 ...78
UP