2 matches found
ciguard security vulnerability
Ciguard is a security auditing and visualization tool for CI/CD pipelines developed by Johannes Moore. Versions of Ciguard from 0.1.0 to 0.8.1 contain security vulnerabilities. These vulnerabilities stem from the default root user inherited by the published container images, due to the lack of a...
Contrast vulnerability allows arbitrary host data injection into container VOLUME mount points
Background: The VOLUME directive in Dockerfiles, or the config.volumes field in OCI image descriptors, indicates filesystem paths "where the process is likely to write data". While these paths have special semantics in Docker, they are only hints in the OCI spec and are not treated specially by...