In April, the Checkmarx Security Research Team analyzed 1.5 milliion results from Checkmarx One and Keeping Infrastucture-as-Code Secure(KICS) and identified three common Docker misconfigurations that threat actors can exploit.
58.47%: Inadvertent misconfiguration risks
In Docker environments, misconfigurations such as open network ports, weak access controls, or improper container isolation can inadvertently expose the system to cyber threats.
23.68%: Elevated Default Privileges
Docker containers often run with elevated default privileges, granting them unnecessary access to system resources.
17.85%: Exposure of passwords & secrets
Developers inadvertently include sensitive information like passwords, API keys, or cryptographic keys within Docker images or configurations, leaving them vulnerable to unauthorized access or extraction by malicious actors.
