Docker Container - Misconfiguration Exposure
A Docker container misconfiguration was discovered.
Security Misconfiguration (SM)
How this template works
The API selection filters in this template specify the criteria for selecting the API endpoint to be tested. In this case, the filters include checking the response code to be greater than or equal to 200 and less than 300, and extracting the URL from the response and storing it in the "urlVar" variable.
The execute section defines the type of request to be executed. In this template, it is set to "single", indicating that a single request will be made. The request is specified under the "requests" field, where the URL is modified using the "modify_url" action and the value of the "urlVar" variable.
The validation section defines the expected response from the API endpoint. It includes checking that the response code is equal to 200 and that the response payload contains specific keywords such as "ParentId", "Container", and "Labels". If the validation criteria are not met, it indicates a potential misconfiguration in the Docker container.
Frequently asked questions
What is the purpose of scanning the "/images/json" endpoint in Docker containers
How can misconfigured Docker containers pose security risks to applications and sensitive data
What is the severity level of the MISCONFIGURED_DOCKER vulnerability
What are the specific criteria for validating the response code in this test
What are the key elements that the response payload should contain for a successful validation
Can you provide a reference for further information on attacking and auditing Docker containers for misconfigurations