Disclosure of Authorization-Bypass on the Docker Hub

Following the postmortem of a previous vulnerability announced on June 30th, the Docker team conducted a thorough audit of the platform code base and hired an outside consultancy to investigate the security of the Docker Registry and the Docker Hub. On the morning of 8/22 (all times PST), the security firm contacted our Security Team:

8/22 – Morning: Our Security Team was contacted regarding vulnerabilities that could be exploited to allow an attacker to bypass authorization constraints and modify container image tags stored on the Docker Hub Registry. Even though the reporting firm was unable to immediately provide a working proof of concept, our Security Team began to investigate.

8/22 – Afternoon: Our team confirms the vulnerabilities and begins preparing a fix.

8/22 – Evening: We roll out a hotfix release to production. Additional penetration tests are performed to assure resolution of these new vulnerabilities. Later, it is discovered this release introduced a regression preventing some authorized users from pulling their own private images.

8/23 – Morning: A new hotfix is deployed to production, addressing the regression and all known security issues. Our Security Team runs another set of penetration tests against the platform and confirm all issues have been resolved.

Follow-up & Postmortem:

We have begun an internal postmortem process to seek the improvement of our development and security processes. Immediately, we have established the following:

  • We have performed an audit of the repositories stored on the Docker Hub Registry to verify whether or not any known exploits have been used in the wild. We have not found any indication of exploitation, or of repositories being modified via authorization by-pass.
  • We have established an agreement with the outside security firm to audit every major release of the platform.
  • We will implement an automated suite of functional security tests. These would be established in addition to existing unit and integration tests.

Finally:

Our contributors have been hard at working making Docker better and better with each release, including important security improvements such as the addition of granular Linux capabilities management with the release of Docker 1.2. Likewise, since establishing our security and responsible disclosure policy, we have seen a substantial interest by researchers in contributing to the improvement of Docker.

If you discover any issues in Docker or the Hub, we encourage you to do the same by contacting security@docker.com.


Disclosure of Authorization-Bypass on the Docker Hub


Leave a Reply

Get the Latest Docker News by Email

Docker Weekly is a newsletter with the latest content on Docker and the agenda for the upcoming weeks.