U.S. Dept Of Defense: Exposed Docker Registry at https://████
News category: Security vulnerabilities
Source: vulners.com
Summary: The Docker registry at https://██████ has no authentication in place and is therefore exposed to the public. This gives full disclosure of every image held in the registry and allows anyone to upload new images and to modify or delete the existing ones.

Description: From https://www.acunetix.com/vulnerabilities/web/docker-registry-api-is-accessible-without-authentication/:

The Docker Registry HTTP API is the protocol that facilitates the distribution of images to the Docker engine. It interacts with instances of the Docker registry, which is a service that manages information about Docker images and enables their distribution. This Docker Registry API is accessible without authentication. A properly secured registry should return 401 when the "/v2/" endpoint is hit without credentials. The response should include a WWW-Authenticate challenge indicating how to authenticate, such as with basic auth or a token service.

Impact: High. An attacker can view all available (deployed) images and their contents, patch the images to turn them into malicious ones (backdoors, malfunction, authentication bypass, RCE, etc.), and upload new, possibly malicious images. Since the registry is what the Docker engines pull from, a tampered image is deployed wherever the affected tag is next pulled.

Step-by-step Reproduction Instructions

Viewing and downloading existing images: We can examine the existing images by visiting https://██████████/v2/_catalog. We can see that multiple "private" custom images are available... ...
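The check described above (GET /v2/ should answer 401 with a WWW-Authenticate challenge; an open registry answers 200 and then /v2/_catalog and /v2/<name>/tags/list enumerate every image), as an added example that is not part of the original report. The hostnames open.example and secured.example and the canned responses are constructed stand-ins so the script runs offline; passing a real base URL on the command line switches it to live requests.

```python
"""Added example: test a Docker Registry v2 endpoint for anonymous access and, if open, enumerate it."""
import json
import re
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass, field


@dataclass
class RegistryResponse:
    status: int
    headers: dict = field(default_factory=dict)
    body: bytes = b""


def get_header(headers, name):
    """Case-insensitive header lookup (urllib and reverse proxies differ in casing)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def parse_www_authenticate(value):
    """Split 'Bearer realm="...",service="..."' into (scheme, {param: value})."""
    scheme, _, rest = value.strip().partition(" ")
    return scheme, dict(re.findall(r'(\w+)="([^"]*)"', rest))


def assess_v2(resp):
    """Decide from the GET /v2/ response whether the registry is open; returns (exposed, reason)."""
    if resp.status == 401:
        challenge = get_header(resp.headers, "WWW-Authenticate")
        if not challenge:
            return False, "401 without a WWW-Authenticate challenge: auth enforced but not advertised"
        scheme, params = parse_www_authenticate(challenge)
        return False, f"auth required ({scheme}, realm={params.get('realm')})"
    if resp.status == 200:
        api = get_header(resp.headers, "Docker-Distribution-Api-Version") or "unknown"
        return True, f"/v2/ served without credentials (API version header: {api})"
    return False, f"unexpected status {resp.status}: not a reachable v2 registry"


def next_catalog_path(headers):
    """The registry paginates _catalog with 'Link: </v2/_catalog?n=..&last=..>; rel="next"'."""
    link = get_header(headers, "Link")
    match = re.match(r'<([^>]+)>;\s*rel="next"', link or "")
    return match.group(1) if match else None


def http_fetch(url, timeout=10):
    """Live fetcher; HTTP errors such as 401 come back as responses instead of exceptions."""
    req = urllib.request.Request(url, headers={"User-Agent": "registry-exposure-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return RegistryResponse(r.status, dict(r.headers.items()), r.read())
    except urllib.error.HTTPError as e:
        return RegistryResponse(e.code, dict(e.headers.items()), e.read())


def enumerate_registry(base, fetch=http_fetch):
    """Check /v2/; if it is open, walk the paginated catalog and collect the tags of each repository."""
    exposed, reason = assess_v2(fetch(base + "/v2/"))
    result = {"exposed": exposed, "reason": reason, "repositories": {}}
    path = "/v2/_catalog?n=100"
    while exposed and path:
        page = fetch(base + path)
        if page.status != 200:
            break
        for repo in json.loads(page.body).get("repositories", []):
            tags = fetch(f"{base}/v2/{repo}/tags/list")
            # "tags": null is what the registry returns for a repository with no tagged manifests.
            result["repositories"][repo] = (json.loads(tags.body).get("tags") or []) if tags.status == 200 else []
        path = next_catalog_path(page.headers)
    return result


# Constructed offline stand-in: an exposed registry with a two-page catalog, and a token-protected one.
FAKE = {
    "https://open.example/v2/": RegistryResponse(200, {"Docker-Distribution-Api-Version": "registry/2.0"}, b"{}"),
    "https://open.example/v2/_catalog?n=100": RegistryResponse(
        200, {"Link": '</v2/_catalog?n=100&last=app%2Fapi>; rel="next"'}, b'{"repositories":["app/api"]}'),
    "https://open.example/v2/_catalog?n=100&last=app%2Fapi": RegistryResponse(200, {}, b'{"repositories":["base/ubuntu"]}'),
    "https://open.example/v2/app/api/tags/list": RegistryResponse(200, {}, b'{"name":"app/api","tags":["1.4","latest"]}'),
    "https://open.example/v2/base/ubuntu/tags/list": RegistryResponse(200, {}, b'{"name":"base/ubuntu","tags":null}'),
    "https://secured.example/v2/": RegistryResponse(
        401, {"WWW-Authenticate": 'Bearer realm="https://secured.example/token",service="secured.example"'},
        b'{"errors":[{"code":"UNAUTHORIZED"}]}'),
}


def fake_fetch(url):
    return FAKE.get(url, RegistryResponse(404, {}, b""))


if __name__ == "__main__":
    live = len(sys.argv) > 1
    target = sys.argv[1].rstrip("/") if live else "https://open.example"
    print(json.dumps(enumerate_registry(target, http_fetch if live else fake_fetch), indent=2))
```

Against the offline stand-in the script reports open.example as exposed with app/api (tags 1.4, latest) and base/ubuntu, and secured.example as requiring Bearer auth. The fix on the registry side is to enable authentication in the registry configuration (for the reference registry, the htpasswd option via REGISTRY_AUTH=htpasswd, REGISTRY_AUTH_HTPASSWD_REALM and REGISTRY_AUTH_HTPASSWD_PATH, or a token service) behind TLS, then re-run the check and expect the 401 plus WWW-Authenticate result before treating the registry as closed.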