How to protect a Docker host before deploying applications

Watch how quick and easy it is to use Trend Micro Cloud One™ to protect a Docker® host before deploying an application in this demo by Marc Tabago, Sales Engineer at Trend Micro...

vulhub

It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector ...

vulhub

It is an offensive tool for Docker environments. The repository contains a collection of pre-built vulnerable Docker environments, including various web applications and services, designed to demonstrate common vulnerabilities. The tool is used to create a vulnerable environment for testing and...

vulhub1

It is an offensive tool for web application exploitation. The primary vulnerability targeted is a Server-Side Template Injection SSTI in Flask, as evidenced by the presence of the flask/ssti directory. The tool is likely designed to exploit this vulnerability, allowing an attacker to inject...

SSJ - Your Everyday Linux Distribution Gone Super Saiyan

SSJ is s silly little script that relies on docker installed on your everyday Linux distribution Ubuntu, Debian, etc. and magically arms it with hundreds of penetration testing and forensics tools. All of these run with almost native performance as containers utilize the host kernel and thus is a...

Information Disclosure

github.com/kubernetes/kubernetes is vulnerable to information disclosure. When the logging level is to at least 4, processing a malicious docker configuration file will result in the contents of the docker configuration file being leaked, which can include pull secrets or other registry credentia...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Docker vulnerability (USN-4589-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4589-2 advisory. USN-4589-1 fixed a vulnerability in containerd. This update provides the corresponding update for docker.io. Tenable has extracted the...

Exploit for Server-Side Request Forgery in Ibm Datapower_Gateway

datapower-redis-rce-exploit CVE-2020-5014 A POC for IBM Data...

CVE-2020-15157

In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign...

CVE-2020-15157

In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign...

CVE-2020-15157 containerd can be coerced into leaking credentials during image pull

In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign...

CVE-2020-15157

The CVE-2020-15157 issue affects containerd (pre-1.2.14) where the default resolver would leak credentials when a container image manifest points to a foreign layer. If a manifest directs a layer URL to a attacker‑controlled web server and the image is pulled, credentials used for the registry co...

CVE-2020-8564

A flaw was found in kubernetes. In Kubernetes, if the logging level is to at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This can occur with client tools like...

Vulnerability fixed in containerd

A vulnerability has been fixed in containerd, which is used by Docker and Kubernetes, among others. A malicious party could vulnerability potentially exploit it to gain access to login credentials to an internal or external image registry. To do so the malicious party must induce the user to pull...

USN-4589-2 docker.io vulnerability

USN-4589-1 fixed a vulnerability in containerd. This update provides the corresponding update for docker.io. Original advisory details: It was discovered that containerd could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use th...

CVE-2020-15157

In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign...

PT-2020-20210 · Linux Foundation +2 · Kubernetes +1

Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 1.19.3 Kubernetes versions prior to 1.18.10 Kubernetes versions prior to 1.17.13 Description: The issue arises when a Kubernetes cluster uses a logging level of at least 4 and encounters a malformed docker config...

What is Docker Content Trust and How do You Secure It?

Can your container image be trusted? Learn how Docker Content Trust DCT employs digital signatures for container image verification and manages trusted collections of content...

vulhub1

It is an offensive tool for web application vulnerability training. The target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Git, InfluxDB, and more. The vulnerability class/vector is no...

DamnVulnerableCryptoApp - An App With Really Insecure Crypto

Why? If you try to learn a little bit more about crypto, either because you want to know how the attacks work or just because you want to do safe code, you end up diving really fast into the math behind the algorithms, and for a lot of people this is a NO. This project was created with some key...