Impact
A flaw in the Moby container framework allows an attacker to bypass authorization plugins by submitting an oversized request body. The weakness is classified under CWE-288 and CWE-807 and has a CVSS score of 8.8.
Affected Systems
All versions of Moby released before 29.3.1 are affected. The vulnerability was fixed in release 29.3.1, and later versions are not vulnerable.
Risk and Exploitability
The CVSS base score indicates significant risk, while the EPSS value of 8% suggests that public exploitation is currently plausible. The vulnerability is not listed in CISA's KEV catalog. The attack vector is inferred from the description: it likely involves direct network access to the Moby service, where an attacker would craft a request whose body exceeds the expected size to trigger the authorization bypass.
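The fail-open pattern behind this class of bypass, next to a fail-closed form, as an added sketch that is not Moby's code. It assumes the authorization check inspects a size-capped copy of the body; `maxBody`, `policy`, `failOpen`, `failClosed`, `status`, the `/v1/things` path and the `admin` field are all hypothetical.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

const maxBody = 1 << 10 // hypothetical cap on the body copy shown to the policy
// policy stands in for an authorization plugin: deny any body that asks for admin.
func policy(body []byte) bool { return !bytes.Contains(body, []byte(`"admin":true`)) }

// failOpen models the flaw: an oversized body skips inspection but is still forwarded.
func failOpen(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
	var seen []byte
	if r.ContentLength < maxBody {
		seen, _ = io.ReadAll(r.Body)
		r.Body = io.NopCloser(bytes.NewReader(seen))
	}
	if !policy(seen) {
		http.Error(w, "denied", http.StatusForbidden)
		return
	}
	next(w, r)
}

// failClosed denies what it cannot inspect in full and counts bytes actually read.
func failClosed(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
	seen, err := io.ReadAll(http.MaxBytesReader(w, r.Body, maxBody))
	if err != nil || !policy(seen) {
		http.Error(w, "denied", http.StatusForbidden)
		return
	}
	r.Body = io.NopCloser(bytes.NewReader(seen))
	next(w, r)
}

// status runs one constructed request with pad filler bytes and returns the HTTP code.
func status(guard func(http.ResponseWriter, *http.Request, http.HandlerFunc), pad int) int {
	rec := httptest.NewRecorder()
	body := `{"admin":true,"pad":"` + strings.Repeat("A", pad) + `"}`
	req := httptest.NewRequest("POST", "/v1/things", strings.NewReader(body))
	guard(rec, req, func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusCreated) })
	return rec.Code
}

func main() { fmt.Println(status(failOpen, 0), status(failOpen, 4096), status(failClosed, 4096)) }
```

The fail-closed form also stops trusting the declared `Content-Length`, which is the CWE-807 half of the classification: the size decision is made on bytes actually read.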