Dockerfile Hidden Disclosure
Attacker can get unauthorized access of hidden Dockerfile(s).
Security Misconfiguration (SM)
How this template works
The API selection filters in this template specify the criteria for selecting the API endpoints to test. In this case, the filters include the response code range (between 200 and 299) and the extraction of the "urlVar" from the response URL.
The execute section defines the type of request to be made and the modifications to be applied to the URL. In this template, a single request is made, and the URL is modified using the "urlPaths" word list, which contains the extracted "urlVar" value.
The validation section specifies the conditions that the response should meet to be considered valid. It includes checking the response code to be equal to 200, validating the response payload using a regular expression pattern, and ensuring that the response headers do not contain the text "text/html".
Frequently asked questions
What is the impact of the Dockerfile Hidden Disclosure vulnerability
How can the Dockerfile Hidden Disclosure vulnerability be exploited by attackers
What are the potential risks of not addressing the Dockerfile Hidden Disclosure vulnerability promptly
What category and subcategory does the Dockerfile Hidden Disclosure vulnerability belong to
What are the recommended steps to mitigate the Dockerfile Hidden Disclosure vulnerability
What are the validation criteria for detecting the Dockerfile Hidden Disclosure vulnerability