# Container Vulnerabilities 101

Before we begin, it's important to recap some of the things learned in the Intro to Containerisation room. First, recall that containers are isolated and have minimal environments. The picture below depicts the environment of a container.

<figure><img src="/files/tAmlQPXZrGpdrffBuop9" alt=""><figcaption></figcaption></figure>

#### Some important things to note are:

Just because you have access (i.e. a foothold) to a container, it does not mean you have access to the host operating system and associated files or other containers.

Due to the minimal nature of containers (i.e. they only have the tools specified by the developer), you are unlikely to find fundamental tools such as Netcat, Wget or even Bash! This makes interacting within a container quite difficult for an attacker.

## What Sort of Vulnerabilities Can We Expect To Find in Docker Containers?

While Docker containers are designed to isolate applications from one another, they can still be vulnerable. For example, hard-coded passwords for an application can still be present. If an attacker gains access through a vulnerable web application, they will be able to find these credentials. The code snippet below shows a web application containing hard-coded credentials to a database server:

```php
/** Database hostname */
define( 'DB_HOST', 'localhost' );

/** Database name */
define( 'DB_NAME', 'sales' );

/** Database username */
define( 'DB_USER', 'production' );

/** Database password */
define( 'DB_PASSWORD', 'SuperstrongPassword321!' );
```

This, of course, isn't the only vulnerability that can be exploited in containers. The other potential attack vectors have been listed in the table below.

<table><thead><tr><th width="160">Vulnerability</th><th>Description</th></tr></thead><tbody><tr><td>Misconfigured Containers</td><td>Misconfigured containers <strong>will have privileges that are not necessary</strong> for the operation of the container. For example, a container running in "privileged" mode will have access to the host operating system - removing the layers of isolation.</td></tr><tr><td>Vulnerable Images</td><td>There have been numerous incidents of <strong>popular Docker images being backdoored to perform malicious actions</strong> such as crypto mining.</td></tr><tr><td>Network Connectivity</td><td>A container that is not correctly networked <strong>can be exposed to the internet</strong>. For example, a database container for a web application should only be accessible to the web application container - not the internet.<br><br>Additionally, <strong>containers can become a method of lateral movement</strong>. Once an attacker has access to a container, they may be able to interact with other containers on the host that are not exposed to the network.</td></tr></tbody></table>

