Description

Docker is a computer program that performs operating-system-level virtualization, also known as "containerization".

Docker provides an API for interacting with the Docker daemon (called the Docker Engine API). The Docker Engine API is a RESTful API accessed by an HTTP client such as wget or curl, or the HTTP library which is part of most modern programming languages.

This Docker Engine API is accessible without authentication.

Remediation

Restrict access to the Docker Engine API.

References

Attacking Docker exposed API

Develop with Docker Engine SDKs and API

Related Vulnerabilities

Arbitrary File Read on Nuxt.js Development Server

Insecure Transportation Security Protocol Supported (TLS 1.0)

JBoss HttpAdaptor JMXInvokerServlet

Yii debug mode enabled

Microsoft IIS WebDAV authentication bypass

Severity

High

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Configuration