Vulnerability Description
This advisory addresses a false positive identified by Nessus regarding CVE-2024-41110 in CTERA Portal. According to the security advisory, CVE-2024-41110 involves an authorization (AuthZ) bypass and privilege escalation. The vulnerability allows an attacker to exploit an API request with Content-Length set to 0, which results in the Docker daemon forwarding the request without the body to the AuthZ plugin. However, CTERA is not affected, as it does not use the Docker AuthZ plugin in any of its products.
Vulnerability Details
Publication Date: November 10, 2024
CVSS v3.1 score: 0.0 (False Positive)
Affected CTERA Products
No versions of CTERA Portal are affected by this vulnerability.
Analysis
All CTERA Portals running on CentOS 7 include Docker Engine version 20.10.8, which is affected by CVE-2024-41110 when the Docker AuthZ plugin is included. However, no CTERA Portal version includes or uses the Docker AuthZ plugin. Therefore, the Nessus scan incorrectly flagged this issue.
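The precondition stated above (no Docker AuthZ plugin in use) can be confirmed on a host by inspecting the Docker daemon's configuration. The following is an added example, not CTERA's or Docker's own code. It assumes the daemon is configured through Docker's standard "authorization-plugins" key in daemon.json or the dockerd --authorization-plugin flag; the sample inputs and the plugin name example-authz are constructed.

```python
import json

# Docker's names for the setting: the daemon.json key and the dockerd flag.
CONFIG_KEY = "authorization-plugins"
FLAG = "--authorization-plugin"

def plugins_from_config(daemon_json_text):
    """AuthZ plugins listed in daemon.json text (empty or missing file -> none)."""
    if not daemon_json_text.strip():
        return []
    config = json.loads(daemon_json_text)
    return [p for p in (config.get(CONFIG_KEY) or []) if p]

def plugins_from_argv(argv):
    """AuthZ plugins passed on the dockerd command line, in either flag form."""
    values = []
    for i, arg in enumerate(argv):
        if arg.startswith(FLAG + "="):
            values.append(arg[len(FLAG) + 1:])
        elif arg == FLAG and i + 1 < len(argv):
            values.append(argv[i + 1])
    # Accept comma-separated values as well as a repeated flag.
    return [p for v in values for p in v.split(",") if p]

def authz_in_use(daemon_json_text, argv):
    """Return (in_use, plugins): whether any AuthZ plugin is configured."""
    plugins = sorted(set(plugins_from_config(daemon_json_text)
                         + plugins_from_argv(argv)))
    return bool(plugins), plugins

# Constructed sample inputs. On a host, read /etc/docker/daemon.json and split
# /proc/<dockerd pid>/cmdline on NUL bytes to obtain the same two values.
NO_PLUGIN_CONFIG = '{"log-driver": "json-file", "storage-driver": "overlay2"}'
NO_PLUGIN_ARGV = ["/usr/bin/dockerd", "-H", "fd://"]
WITH_PLUGIN_CONFIG = '{"authorization-plugins": ["example-authz"]}'  # placeholder
WITH_PLUGIN_ARGV = ["/usr/bin/dockerd", "--authorization-plugin=example-authz"]

if __name__ == "__main__":
    print(authz_in_use(NO_PLUGIN_CONFIG, NO_PLUGIN_ARGV))
    print(authz_in_use(WITH_PLUGIN_CONFIG, WITH_PLUGIN_ARGV))
```

A result of (False, []) matches the condition this advisory describes; the Docker Engine version alone, which is what the scan keys on, does not change that result.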
Permanent Solution
This issue is a false positive and does not require any action. Users can safely disregard this finding.
For any further assistance or inquiries, please contact CTERA support.