Regular expressions used by Authz are relatively simple and may be bypassed.
For example, we allow only docker start in the policy, and docker pause is not allowed.
Normal access to https://127.0.0.1:2376/v1.23/containers/aa/pause will be rejected.
But we can access the URL Https://127.0.0.1:2376/v1.23/containers/aa/pause?aaa=\/start
to bypass Authz's policy restrictions.
The above regular expression can bypass the Authz limit and run docker pause successfully.
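The mismatch reported above, as an added example that is not part of the original issue and is not Authz's own code: an unanchored route pattern searched over the raw request URI (query string included) beside a check that parses the URI and matches an anchored pattern against the path only. Both patterns and the function names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// Assumed shape of a "container start" route pattern: unanchored, greedy wildcard.
var startLoose = regexp.MustCompile(`/containers/(.+)/start`)

// Hardened form: anchored at both ends, optional API version prefix,
// and exactly one path segment for the container ID.
var startStrict = regexp.MustCompile(`^(/v[0-9.]+)?/containers/([^/]+)/start$`)

// looseIsStart searches the raw request URI, so text in the query string
// can satisfy the pattern even though the daemon routes on the path.
func looseIsStart(rawURI string) bool {
	return startLoose.MatchString(rawURI)
}

// strictIsStart parses the URI first and classifies only the decoded path.
func strictIsStart(rawURI string) bool {
	u, err := url.ParseRequestURI(rawURI)
	if err != nil {
		return false // fail closed: an unparseable URI is never an allowed action
	}
	return startStrict.MatchString(u.Path)
}

func main() {
	// Request URIs taken from the issue text, host part removed.
	uris := []string{
		"/v1.23/containers/aa/start",
		"/v1.23/containers/aa/pause",
		`/v1.23/containers/aa/pause?aaa=\/start`,
	}
	for _, uri := range uris {
		fmt.Printf("%-42s loose=%-5v strict=%v\n", uri, looseIsStart(uri), strictIsStart(uri))
	}
}
```

The third URI is classified as "start" by the loose check while the path still ends in /pause; the strict check classifies it as not "start", so a policy that allows only start would deny it.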