Security Test: AWS Docker Config Exposure¶
Description¶
Default Severity:
When AWS Docker configuration files aren't properly secured, they can end up being accessible to anyone online. This means attackers might find sensitive settings—like credentials, endpoints, or service details—that can let them compromise your Docker containers or even broader AWS resources. Developers often make the mistake of assuming these configuration files are safe by default because they're in what they think is a secure location, but a misconfigured system can expose them to the public. If attackers exploit this vulnerability, they could access your deployed services and data, which makes it crucial to double-check that these files are restricted and hidden from public view.
Configuration¶
Identifier:
information_disclosure/aws_docker_config_exposure
Examples¶
All configuration available:
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 2.2.2 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-95 |
| ISO 27001 | A.12.6 |
| NIST | SP800-190 |
| FedRAMP | AC-6 |
| CWE | 200 |
| CVSS Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVSS Score | 3.0 |