Publicly exposed Docker API

Threats + Use Case

Description

Docker is a technology that allows you to perform operating system-level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy, and run applications inside containers.

You can interact with Docker via the terminal and also via a remote API. The Docker Remote API is a great way to control your remote Docker host, including automating deployment and control, getting the state of your container processes, and more. With this great power comes a great risk: if the control gets into the wrong hands, your entire network can be in danger.

In February, a new Docker API vulnerability (CVE-2019-5736) was discovered that allows an attacker to gain host root access from a Docker container. The combination of this new vulnerability and a publicly exposed remote Docker API can lead to a fully compromised host.

The Docker Remote API listens on ports 2375 / 2376. By default, the remote API is only accessible from the loopback interface (localhost, 127.0.0.1), and should not be available from external sources.
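One way to detect the exposure described above, as an added example that is not part of the original page or the vendor's use case content: the script flags accepted inbound TCP flows to ports 2375 / 2376 from non-internal sources. It assumes AWS VPC Flow Logs in the default version 2 format; the internal network list, interface IDs and sample records are constructed for illustration.

```python
import ipaddress

DOCKER_API_PORTS = {2375, 2376}  # ports named in the description above
# Assumption: sources inside these ranges count as internal for this check.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Default (version 2) VPC Flow Logs field order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records (documentation addresses, placeholder IDs).
SAMPLE_LOG = """\
2 123456789012 eni-0aaa 203.0.113.50 10.0.1.20 51544 2375 6 12 4096 1618900000 1618900060 ACCEPT OK
2 123456789012 eni-0aaa 10.0.2.7 10.0.1.20 40112 2376 6 8 2048 1618900000 1618900060 ACCEPT OK
2 123456789012 eni-0aaa 198.51.100.9 10.0.1.20 44321 2376 6 1 60 1618900000 1618900060 REJECT OK
2 123456789012 eni-0aaa 198.51.100.9 10.0.1.20 44400 443 6 20 9000 1618900000 1618900060 ACCEPT OK
2 123456789012 eni-0bbb - - - - - - - 1618900000 1618900060 - NODATA
2 123456789012 eni-0ccc 198.51.100.77 10.0.3.5 39001 2376 6 30 15000 1618900000 1618900060 ACCEPT OK
"""

def is_internal(addr):
    """True when addr falls inside one of the assumed internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_exposed_docker_api(log_text):
    """Return one finding per accepted TCP flow from a non-internal source to a Docker API port."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # not a default-format record
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK" or rec["action"] != "ACCEPT":
            continue  # skip NODATA/SKIPDATA rows and rejected flows
        if rec["protocol"] != "6" or int(rec["dstport"]) not in DOCKER_API_PORTS:
            continue  # only TCP traffic to the Docker Remote API ports
        if is_internal(rec["srcaddr"]):
            continue  # internal management traffic is out of scope here
        findings.append({"interface": rec["interface_id"], "src": rec["srcaddr"],
                         "dst": rec["dstaddr"], "port": int(rec["dstport"])})
    return findings

if __name__ == "__main__":
    for finding in find_exposed_docker_api(SAMPLE_LOG):
        print(finding)
```

An ACCEPT record only shows that the network path to the port is open; whether the daemon behind it answers unauthenticated requests has to be confirmed on the host.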


Categories

Discovery, Cloud Service Discovery, Splunk, AWS

April 20, 2021
