Skip to content
Nuclei Templates

Docker Container - Misconfiguration Exposure

ID: misconfigured-docker

Severity: critical

Author: dhiyaneshDK

Tags: misconfig,docker,unauth,devops

Description

Section titled “Description”

A Docker container misconfiguration was discovered. The Docker daemon can listen for Docker Engine API requests via three different types of Socket - unix, tcp, and fd. With tcp enabled, the default setup provides un-encrypted and un-authenticated direct access to the Docker daemon. It is conventional to use port 2375 for un-encrypted, and port 2376 for encrypted communication with the daemon.

YAML Source

Section titled “YAML Source”
id: misconfigured-docker


info:
  name: Docker Container - Misconfiguration Exposure
  author: dhiyaneshDK
  severity: critical
  description: A Docker container misconfiguration was discovered. The Docker daemon can listen for Docker Engine API requests via three different types of Socket - unix, tcp, and fd. With tcp enabled, the default setup provides un-encrypted and un-authenticated direct access to the Docker daemon. It is conventional to use port 2375 for un-encrypted, and port 2376 for encrypted communication with the daemon.
  reference:
    - https://madhuakula.com/content/attacking-and-auditing-docker-containers-using-opensource/attacking-docker-containers/misconfiguration.html
  metadata:
    max-request: 1
  tags: misconfig,docker,unauth,devops


http:
  - method: GET
    path:
      - "{{BaseURL}}/images/json"


    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"ParentId":'
          - '"Containers":'
          - '"Labels":'
        condition: and


      - type: status
        status:
          - 200
# digest: 4b0a004830460221008e70ee63071865886c029741cfa0c89ee4cb60aca3f1298db0403ba87e1e8363022100dbb579e3b5d755ba24e385d511f6d7513078f4693246dfbf5ccea830f3e01746:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/misconfiguration/misconfigured-docker.yaml"

View on Github