漏洞描述
Docker Registry 未授权访问指的是由于 Docker Registry 私有仓库搭建以后默认其他所有客户端均可以 push、pull 镜像, 如果不设置用户认证方法来对 Docker 仓库进行权限保护,对 Docker Registry 中的数据安全造成隐患。该漏洞会导致 Docker 服务器的数据被泄漏、篡改和删除,配置文件被修改,甚至通过提权来控制服务器,危害十分严重。
Docker Registry 未授权访问漏洞
PoC代码
暂无相关漏洞推荐
- Docker Compose 未授权 路径遍历漏洞
- docker-registry-api-unauth: docker registry api 未经批准
- docker-registry: Docker Registry Listing
- Docker Desktop Engine API 未授权访问漏洞
- POC gcloud-artifact-registry-public: Publicly Accessible Artifact Registry Repositories
- POC gcloud-vuln-scan-missing: Artifact Registry Vulnerability Scanning Not Enabled
- POC docker-api-unauthorized-rce: docker api未授权访问rce
- POC docker-daemon-exposed: Docker Daemon Exposed
- POC docker-remote-api-unauth: Docker remote api Unauth
- POC docker-remote-api: Docker Remote API
- POC dockercfg-config: Detect .dockercfg
- POC kubernetes-exposing-docker-socket-hostpath: Kubernetes Exposing Host's Docker Socket
- POC remote-registry-access-check: Remote Registry Service Disabled Check