CVE-2026-24740: Dozzle Findcontainer Labels Authz Bypass
FindContainer wrapper accepts a `container.ContainerLabels` authorization scope but forwards only the container ID to the delegated `FindContainer` call, silently dropping label-based access control. A label-restricted user can then resolve any container ID on the agent host, bypassing tenant/scope isolation (CVE-2026-24740, CWE-863). Pass `labels` through t
greprules fetch cve-2026-24740-dozzle-findcontainer-labels-authz-bypass --engine opengrepDescription
FindContainer wrapper accepts a `container.ContainerLabels` authorization scope but forwards only the container ID to the delegated `FindContainer` call, silently dropping label-based access control. A label-restricted user can then resolve any container ID on the agent host, bypassing tenant/scope isolation (CVE-2026-24740, CWE-863). Pass `labels` through t
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.