Critical Docker Desktop flaw allows container escape
Briefly

An attacker with access to a Docker container can use the Docker API to create new containers and mount volumes from other containers, exposing sensitive data such as databases. The attacker can mount the host operating system filesystem, enabling arbitrary read and write access to any file. Overwriting shared libraries, such as a DLL loaded by another application, could allow execution of malicious code on the host. Mounting the OS filesystem operates on Windows without user prompts because Docker runs with administrator privileges on Windows. On macOS, mounting prompts the user and Docker lacks administrator privileges, limiting the attack.
As a result of this flaw, an attacker who gains access to a Docker container could leverage the API to create a new Docker container and give it access to a volume that hosts, for example, a database used by a different container, thereby exposing sensitive information. More critically, the attacker could mount the operating system's file system and gain the ability to read or write any file.
This has even more serious implications: for example, by overwriting a DLL loaded by a different application, the attacker could execute malicious code on the system. However, mounting the OS filesystem without user interaction works only on Windows, because attempting it on macOS prompts the user for permission. Docker on macOS also does not run with administrator privileges as it does on Windows.
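The two abuse paths described above both leave a trace in the container definitions the daemon holds: a bind mount whose source is the host root (or another sensitive host path) and a `VolumesFrom` reference to another container. The following detection script is an added example written for this page; it is not code from the article or from Docker. It audits records shaped like the `HostConfig` section of `docker inspect` output and reports containers that mount the host filesystem or borrow another container's volumes. The sample records and the list of "sensitive" host paths are constructed for illustration; the bind-spec format `host:container[:mode]` and the `HostConfig.Binds` / `HostConfig.VolumesFrom` field names are Docker's own.

```python
"""Flag container definitions that expose the host filesystem or another container's volumes.

Added example (not from the article). Input records mimic the `Name` and
`HostConfig` fields of `docker inspect` output; the samples below are constructed.
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Docker bind spec: host:container[:mode]. Windows host paths contain a drive
# colon ("C:\..."), so the host alternative explicitly allows one leading "X:".
BIND_RE = re.compile(r"^(?P<host>[A-Za-z]:[^:]*|[^:]+):(?P<target>[^:]+)(?::(?P<mode>[^:]+))?$")
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:[\\/]?$")  # "C:", "C:\" or "C:/"

# Illustrative choice of host paths whose exposure to a container is worth flagging.
SENSITIVE_PREFIXES = ("/etc", "/root", "/var/run/docker.sock")


def parse_bind(bind: str) -> Tuple[str, str, Optional[str]]:
    """Split a bind spec into (source, target, mode); mode is None when absent."""
    m = BIND_RE.match(bind)
    if not m:
        raise ValueError(f"unrecognised bind spec: {bind!r}")
    return m.group("host"), m.group("target"), m.group("mode")


def is_host_path(source: str) -> bool:
    """A source is a host path if it is absolute/relative POSIX or a Windows drive path;
    anything else is a named volume managed by Docker."""
    return source.startswith(("/", ".")) or re.match(r"^[A-Za-z]:", source) is not None


def classify_host_path(source: str) -> Optional[str]:
    """Return 'host-root', 'sensitive-path' or None for a host-side bind source."""
    if source == "/" or DRIVE_ROOT_RE.match(source):
        return "host-root"
    norm = source.replace("\\", "/").rstrip("/") or "/"
    for prefix in SENSITIVE_PREFIXES:
        if norm == prefix or norm.startswith(prefix + "/"):
            return "sensitive-path"
    return None


def audit_containers(records: Iterable[Dict]) -> List[Dict]:
    """Walk inspect-style records and collect findings about risky mounts."""
    findings: List[Dict] = []
    for rec in records:
        name = rec.get("Name", "<unnamed>")
        host_cfg = rec.get("HostConfig") or {}
        for bind in host_cfg.get("Binds") or []:
            source, _target, mode = parse_bind(bind)
            if not is_host_path(source):
                continue  # named volume, not a host path
            verdict = classify_host_path(source)
            if verdict:
                findings.append({
                    "container": name,
                    "bind": bind,
                    "reason": verdict,
                    "writable": mode != "ro",
                })
        # Borrowing another container's volumes is the other pattern the article describes.
        for other in host_cfg.get("VolumesFrom") or []:
            findings.append({
                "container": name,
                "bind": other,
                "reason": "volumes-from",
                "writable": not other.endswith(":ro"),
            })
    return findings


# Constructed sample records (not captured from a real host).
SAMPLE_RECORDS = [
    {"Name": "/app-db", "HostConfig": {"Binds": ["pgdata:/var/lib/postgresql/data"]}},
    {"Name": "/win-host-mount", "HostConfig": {"Binds": ["C:\\:/host"]}},
    {"Name": "/linux-host-mount", "HostConfig": {"Binds": ["/:/mnt/host:ro"]}},
    {"Name": "/sock-access", "HostConfig": {"Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}},
    {"Name": "/steals-volumes", "HostConfig": {"Binds": [], "VolumesFrom": ["app-db"]}},
]

if __name__ == "__main__":
    for f in audit_containers(SAMPLE_RECORDS):
        rw = "rw" if f["writable"] else "ro"
        print(f"{f['container']}: {f['reason']} via {f['bind']} ({rw})")
```

On a real host the records would come from `docker inspect $(docker ps -aq)`; the script only reads the daemon's own view of each container, so it is a cheap periodic check rather than a runtime control. A read-only host-root mount still exposes data, which is why the finding records writability separately instead of suppressing `:ro` mounts.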
Read at CSO Online