Docker Compose - Detect
ID: docker-compose-config
Severity: medium
Author: meme-lord,blckraven,geeknik
Tags: config,exposure,devops
Description
Section titled “Description”Multiple Docker Compose configuration files were detected. The configuration allows deploy, combine and configure operations on multiple containers at the same time. The default is to outsource each process to its own container, which is then publicly accessible.
YAML Source
Section titled “YAML Source”id: docker-compose-config
info: name: Docker Compose - Detect author: meme-lord,blckraven,geeknik severity: medium description: Multiple Docker Compose configuration files were detected. The configuration allows deploy, combine and configure operations on multiple containers at the same time. The default is to outsource each process to its own container, which is then publicly accessible. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cwe-id: CWE-200 metadata: max-request: 7 tags: config,exposure,devops
http: - method: GET host-redirects: true max-redirects: 3 path: - "{{BaseURL}}/docker-compose.yml" - "{{BaseURL}}/docker-compose.prod.yml" - "{{BaseURL}}/docker-compose.production.yml" - "{{BaseURL}}/docker-compose.staging.yml" - "{{BaseURL}}/docker-compose.dev.yml" - "{{BaseURL}}/docker-compose-dev.yml" - "{{BaseURL}}/docker-compose.override.yml"
stop-at-first-match: true
matchers-condition: and matchers: - type: dsl dsl: - 'regex("^version: ", body) && contains(body, "services:")'
- type: status status: - 200# digest: 490a004630440220162cf97450176886bedc33a282cac8328906b2639c07a6b4d7822fa8b020418b02205fc0cbd98bd6ce22203634a4353028c9eaba27db622e894a40764f7f0429bcf0:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/exposures/configs/docker-compose-config.yaml"