Wednesday, March 6, 2019

Docker vulnerability + exposed remote Docker API = fully compromised host. Researchers found 3,822 Docker hosts with the remote API open to the public; after attempting to connect to those IPs via port 2735 to list Docker images, they found that a total of 400 IPs were accessible. These could be compromised for the purposes of illicit cryptocurrency mining.



It is possible to interact with Docker via terminals or remote application programming interfaces (APIs). However, if these control mechanisms are exposed, this can lead to the compromise of the container and potentially the applications contained within.

A vulnerability, CVE-2019-5736, publicly reported in February, can be used to gain root access on the host from within a Docker container, and as Imperva researchers note, "the combination of this new vulnerability and exposed remote Docker API can lead to a fully compromised host."

https://www.zdnet.com/article/exposed-docker-hosts-can-be-used-in-cryptocurrency-mining/
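To check your own hosts for the exposure described above, the following added example (not code from the article or from Docker) audits the body of a `daemon.json` for TCP API listeners that do not require client certificates. The function name, the finding strings and the sample configuration are constructed for illustration; the port in the sample is the one quoted in this post.

```python
import json
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample: a local socket plus two TCP listeners, no TLS settings.
SAMPLE = """
{
  "hosts": [
    "unix:///var/run/docker.sock",
    "tcp://0.0.0.0:2735",
    "tcp://127.0.0.1:2735"
  ]
}
"""

def audit_daemon_config(daemon_json_text):
    """Return (host, finding) pairs for every tcp:// listener in a daemon.json body."""
    cfg = json.loads(daemon_json_text)
    # With "tlsverify" set, dockerd only accepts clients presenting a
    # certificate signed by the CA configured in "tlscacert".
    client_certs_required = bool(cfg.get("tlsverify"))
    findings = []
    for host in cfg.get("hosts", []):
        url = urlsplit(host)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// are local sockets, not the remote API
        # Assumption: a listener with no bind address is treated as
        # non-loopback, which is the conservative reading.
        addr = url.hostname or ""
        if client_certs_required:
            findings.append((host, "ok: client certificate required"))
        elif addr in LOOPBACK:
            findings.append((host, "warn: unauthenticated, loopback only"))
        else:
            findings.append((host, "fail: unauthenticated API reachable over the network"))
    return findings

if __name__ == "__main__":
    for host, finding in audit_daemon_config(SAMPLE):
        print(f"{host:28} {finding}")
```

Listeners can also be set with `-H` on the `dockerd` command line (for example in a systemd unit), so a clean `daemon.json` does not by itself rule out an exposed API.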
