Skip to content

Information Disclosure: AWS Docker Config Exposure

Identifier: aws_docker_config_exposure

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner

Description

When AWS Docker configuration files aren't properly secured, they can end up being accessible to anyone online. This means attackers might find sensitive settingslike credentials, endpoints, or service detailsthat can let them compromise your Docker containers or even broader AWS resources. Developers often make the mistake of assuming these configuration files are safe by default because they're in what they think is a secure location, but a misconfigured system can expose them to the public. If attackers exploit this vulnerability, they could access your deployed services and data, which makes it crucial to double-check that these files are restricted and hidden from public view.

Configuration

Example

Example configuration:

---
security_tests:
  aws_docker_config_exposure:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.