CVE-2024-47182

4.8 MEDIUM

📋 TL;DR

Dozzle versions before 8.5.3 use SHA-256 for password hashing, which is vulnerable to rainbow table attacks. This allows attackers with access to password hashes to potentially crack passwords more easily. Anyone using Dozzle for Docker container log viewing with authentication enabled is affected.

💻 Affected Systems

Products:
  • Dozzle
Versions: All versions before 8.5.3
Operating Systems: All platforms running Docker
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with authentication enabled. Dozzle can run without authentication.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to Dozzle, potentially compromising Docker container logs and system information.

🟠 Likely Case

Attackers crack weak passwords to gain unauthorized access to log viewing functionality.

🟢 If Mitigated

Limited to password cracking attempts that may fail against strong passwords.

🌐 Internet-Facing: MEDIUM - Internet-facing instances are vulnerable to password cracking attacks if authentication is enabled.
🏢 Internal Only: LOW - Internal instances have a reduced attack surface but are still vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to password hashes and standard password cracking tools. No special exploit code needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.5.3

Vendor Advisory: https://github.com/amir20/dozzle/security/advisories/GHSA-w7qr-q9fh-fj35

Restart Required: Yes

Instructions:

1. Stop Dozzle container.
2. Pull latest image: docker pull amir20/dozzle:latest
3. Start container with updated image.
4. Existing passwords will be re-hashed with bcrypt on next login.

🔧 Temporary Workarounds

Disable authentication (platform: all)

Run Dozzle without authentication if acceptable for your environment

docker run -d --name dozzle -v /var/run/docker.sock:/var/run/docker.sock -p 8080:8080 amir20/dozzle:latest --no-auth

🧯 If You Can't Patch

  • Enforce strong password policies (minimum 12 characters, complexity requirements)
  • Implement network segmentation to restrict Dozzle access to trusted networks only

🔍 How to Verify

Check if Vulnerable:

Check Dozzle version: docker exec <container_name> dozzle --version

Check Version:

docker exec <container_name> dozzle --version

Verify Fix Applied:

Verify version is 8.5.3 or higher and check logs for bcrypt hash usage
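
One way to check stored credentials for leftover SHA-256 hashes, as an added example (not code from Dozzle or from this advisory). It assumes you have already exported username-to-stored-hash pairs from your own deployment; the sample values, the `MIN_BCRYPT_COST` floor and the function names are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# bcrypt modular-crypt format: $2a$/$2b$/$2y$, two-digit cost, 53 chars of salt+digest
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
# A raw SHA-256 digest is exactly 64 hex characters
SHA256_HEX_RE = re.compile(r"^[0-9a-fA-F]{64}$")
MIN_BCRYPT_COST = 10  # assumption: local policy floor, not a value from the advisory


def classify(stored):
    """Return 'bcrypt', 'bcrypt-low-cost', 'sha256-hex' or 'unknown'."""
    m = BCRYPT_RE.match(stored)
    if m:
        return "bcrypt" if int(m.group(1)) >= MIN_BCRYPT_COST else "bcrypt-low-cost"
    if SHA256_HEX_RE.match(stored):
        return "sha256-hex"
    return "unknown"


def audit(credentials):
    """credentials: dict of username -> stored hash. Returns (findings, shared)."""
    findings = {user: classify(h) for user, h in credentials.items()}
    by_hash = defaultdict(list)
    for user, h in credentials.items():
        if findings[user] == "sha256-hex":
            by_hash[h.lower()].append(user)
    # An unsalted digest is deterministic, so users with the same password
    # share one hash; that property is what makes precomputed tables work.
    shared = sorted(sorted(users) for users in by_hash.values() if len(users) > 1)
    return findings, shared


def _sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed sample data: the bcrypt strings are syntactically valid
# placeholders, not real hashes of any password.
SAMPLE = {
    "alice": _sha256("constructed-sample-password"),
    "bob": _sha256("constructed-sample-password"),
    "carol": "$2b$12$" + "a" * 53,
    "dave": "$2b$04$" + "b" * 53,
}

if __name__ == "__main__":
    findings, shared = audit(SAMPLE)
    for user, kind in sorted(findings.items()):
        print(f"{user}: {kind}")
    print("accounts sharing a SHA-256 hash:", shared)
```

Any account reported as `sha256-hex` still carries a pre-8.5.3 style hash and should have its password reset once the upgrade is in place.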

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts
  • Successful logins from unusual IPs

Network Indicators:

  • Brute force attempts against Dozzle authentication endpoint

SIEM Query:

source="dozzle" AND (event="login_failed" OR event="login_success")
