Publicly exposed Docker API


Description

Docker is a technology that allows you to perform operating system-level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy, and run applications inside containers.

You can interact with Docker via the terminal and also via a remote API. The Docker Remote API is a great way to control your remote Docker host, including automating deployment and control, getting the state of your container processes, and more. With this great power comes a great risk: if the control gets into the wrong hands, your entire network can be in danger.

In February, a new Docker API vulnerability (CVE-2019-5736) was discovered that allows you to gain host root access from a Docker container. The combination of this new vulnerability and a publicly exposed remote Docker API can lead to a fully compromised host.

The Docker Remote API listens on ports 2375 / 2376. By default, the remote API is only accessible from the loopback interface (localhost, 127.0.0.1), and should not be available from external sources.
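One way to check a host for the exposure described above, as an added example that is not part of the original use case: it audits the `hosts` and `tlsverify` keys of a Docker `daemon.json` and reports TCP listeners bound outside the loopback interface. The function names, the severity labels, the sample configurations and the choice to treat an empty host as exposed are assumptions of this example.

```python
import ipaddress
import json
from urllib.parse import urlsplit

DOCKER_API_PORTS = {2375, 2376}  # the ports named in the description above

def is_loopback(host):
    """True only for localhost or a loopback IP literal."""
    if host is None:
        return False  # assumption: an empty host is treated as exposed, to be conservative
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname may resolve to a routable interface

def audit_daemon_config(text):
    """Return one finding per non-loopback TCP listener in a daemon.json document."""
    cfg = json.loads(text)
    tls_verified = bool(cfg.get("tlsverify"))
    findings = []
    for entry in cfg.get("hosts", []):
        parts = urlsplit(entry)
        if parts.scheme != "tcp":
            continue  # unix://, fd:// and npipe:// are local-only transports
        if is_loopback(parts.hostname):
            continue
        findings.append({
            "host": entry,
            "port": parts.port,
            "known_api_port": parts.port in DOCKER_API_PORTS,
            # assumed labels: client-certificate verification lowers, but does not remove, the finding
            "severity": "high" if tls_verified else "critical",
        })
    return findings

# Constructed sample configurations (not taken from a real host).
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
LOCAL_ONLY = '{"hosts": ["unix:///var/run/docker.sock", "tcp://127.0.0.1:2375"]}'
TLS_EXPOSED = '{"hosts": ["tcp://[::]:2376"], "tlsverify": true}'

if __name__ == "__main__":
    for name, sample in [("exposed", EXPOSED), ("local", LOCAL_ONLY), ("tls", TLS_EXPOSED)]:
        print(name, audit_daemon_config(sample))
```

Listeners passed on the `dockerd` command line with `-H` are not visible in `daemon.json`, so the same check should also be applied to the service's start-up arguments.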


Categories

Discovery

Cloud Service Discovery

Splunk

AWS
