gmatuz/cve-scanner-exploiting-pocs


Collection of ideas and specific exploits against Docker CVE scanners

You can read more on the background within the following Medium post: Testing docker CVE scanners. Part 2.5 — Exploiting CVE scanners

TL;DR

Most Docker image scanners make use of shell access and run package managers, so when you run one on a Dockerfile you don't know, you can't be sure what to expect. Running them on untrusted code can lead to command execution. Some of the scanner providers don't consider this an issue; they (probably rightly) expect people to anticipate it. However, keep this in mind whenever you use these tools, especially if you add them to your CI/CD pipeline or other security automation, where this might become an issue, most likely as a way to escalate privilege or attack your CI or security automation itself.

All issues have either been fixed by the vendors or been considered not a security issue.

Ideas if you have to exploit such tools or think about how attackers would