AWS Docker Config Exposure
Description
Detects publicly accessible AWS Docker configuration files.
Remediation
To remediate AWS Docker Config Exposure, follow these steps:
- Rotate any exposed credentials immediately to prevent unauthorized access.
- Audit your AWS IAM roles and policies to ensure they follow the principle of least privilege.
- Review your Docker configurations and ensure that sensitive data is not hardcoded in Dockerfiles or image configurations.
- Use AWS Secrets Manager or Parameter Store to manage secrets and credentials securely.
- Implement proper logging and monitoring to detect any future exposures or unauthorized access attempts.
- Update your security policies and training to prevent similar incidents.
- If necessary, conduct a thorough security audit of your environment to identify and fix any related vulnerabilities.
Configuration
Identifier:
information_disclosure/aws_docker_config_exposure
Examples
Ignore this check
checks:
information_disclosure/aws_docker_config_exposure:
skip: true
Score
- Escape Severity: HIGH
Compliance
OWASP: API8:2023
pci: 2.2.2
gdpr: Article-32
soc2: CC6
psd2: Article-95
iso27001: A.12.6
nist: SP800-190
fedramp: AC-6
Classification
- CWE: 200