Yesterday (26/09/18) The Register released a post about “an exposed Docker server lands internal source code, config files on public internet“. Despite the incident being of great severity – this publication did not surprise us.
In 2017, Twistlock Labs uncovered hundreds of exposed instances of Docker Registry services and also for Dockerd (Docker daemon, e.g the docker management process), we presented the findings at DockerConEU17, in my talk “Real World Security: Software Supply Chain” with Docker’s senior security engineer, David Lawrence. We later approached the companies that we could identify as the owners of the exposed registries in order to responsibly disclose this weakness in private.
Since that time, Twistlock Labs has focused on how developers around the world build and deploy cloud native applications, and how these applications are maintained and operated by companies around the world.
When revisiting the issue, our recent findings show that there are actually less Docker services that are exposed to the public today – to be more specific, we saw a decrease of 35% since the original survey. But this recent news shows that the issue persists and even magnifies with other type of registries and services.
Breaking out of Docker via runC – Explaining CVE-2019-5736Read the Blog
T19 Challenge – Twistlock Lab’s first security challenge summary and solutionsRead the Blog
Kubernetes emergency survival: Hotfix patching running podsRead the Blog
Demystifying Kubernetes CVE-2018-1002105 (and a dead simple exploit)Read the Blog