Critical Bug in Docker Engine Allowed Attackers to Bypass Authorization Plugins

64 points by jebby 10 months ago

4 comments

erickj 10 months ago
Hmmm... It's as though running root privilege daemons with open sockets could go wrong. Who could have known.

https://developers.redhat.com/blog/2020/09/25/rootless-containers-with-podman-the-basics#why_podman_
compsciphd 10 months ago
Are there really good use cases for dockerd being exposed to the network?

I would assume (many/most) users who run docker directly run it without api access on the network (i.e. on a single host).

Even those that do want network deployments of docker, probably run it through something like k8s where again kubernetes is handling the networking side, and each dockerd doesn't need to expose a network accessible api.

Just wondering the use case for this.
jroseattle 10 months ago
> The vulnerability was addressed with the release of Docker Engine v18.09.1, but it was not included in subsequent major versions, causing a regression.

Without further information, this sounds like code introduced in a hotfix that wasn't merged back to feature branches.

Surely it's not that simple?
mass_and_energy 10 months ago
How does this affect CaaS-based deployments like AKS, EKS, GKE and the like?