Docker is a technology that allows you to perform operating system-level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy, and run applications inside containers.You can interact with Docker via the terminal and also via remote API. The Docker Remote API is a great way to control your remote Docker host, including automating the deployment, controls, and getting the state of your containers process, and more. With this great power comes a great risk‚ if the control gets into the wrong hands, your entire network can be in danger.In February, a new docker API vulnerability (CVE-2019-5736) was discovered that allows you to gain host root access from a docker container. The combination of this new vulnerability and publicly exposed remote Docker API can lead to a fully compromised host.The Docker Remote API listens on ports 2375 / 2376. By default, the remote API is only accessible from the loopback interface (localhost 127.0.0.1), and should not be available from external sources.
Cloud Service Discovery
Ready to learn more about Anvilogic?
Kickstart your security operations
Anvilogic provided the necessary threat detection automation for our small SOC, adding a significant force-multiplier advantage for my team.