漏洞描述
Docker Compose 是一个用于定义和运行多容器 Docker 应用的工具。它通过 YAML 文件配置服务,允许用户部署、组合和配置多个容器。由于配置文件可能被错误地公开在互联网上,攻击者可以通过访问这些文件获取敏感信息,例如服务配置、环境变量和凭据,从而导致信息泄露。
Docker Compose 配置文件 信息泄露漏洞
PoC代码
暂无相关漏洞推荐
- Docker Compose 未授权 路径遍历漏洞
- docker-registry: Docker Registry Listing
- Docker Desktop Engine API 未授权访问漏洞
- POC CVE-2022-0165: WordPress Page Builder KingComposer <=2.9.6 - Open Redirect
- POC CVE-2025-31324: SAP NetWeaver Visual Composer Metadata Uploader - Deserialization
- POC docker-daemon-exposed: Docker Daemon Exposed
- POC docker-remote-api-unauth: Docker remote api Unauth
- POC docker-remote-api: Docker Remote API
- POC kubernetes-exposing-docker-socket-hostpath: Kubernetes Exposing Host's Docker Socket
- POC docker-hub-login-check: Docker Hub Login Check
- POC CVE-2022-3477: WordPress tagDiv Composer < 3.5 - Authentication Bypass
- POC CVE-2023-3169: tagDiv Composer < 4.2 - Stored Cross-Site Scripting
- POC amazon-docker-config: Dockerrun AWS Configuration Page - Detect