2021-02-10 20:15:57 +00:00
id : docker-compose-config
info :
2023-02-09 21:38:53 +00:00
name : Docker Compose - Detect
2021-06-09 12:20:56 +00:00
author : meme-lord,blckraven,geeknik
2021-02-10 20:15:57 +00:00
severity : medium
2023-02-09 21:38:53 +00:00
description : Multiple Docker Compose configuration files were detected. The configuration allows deploy, combine and configure operations on multiple containers at the same time. The default is to outsource each process to its own container, which is then publicly accessible.
2023-02-09 19:34:04 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score : 5.3
cwe-id : CWE-200
2023-04-28 08:11:21 +00:00
metadata :
max-request : 7
2023-10-14 11:27:55 +00:00
tags : config,exposure,devops
2021-02-10 20:15:57 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-02-10 20:15:57 +00:00
- method : GET
2022-10-07 21:27:25 +00:00
host-redirects : true
2021-02-10 20:15:57 +00:00
max-redirects : 3
path :
- "{{BaseURL}}/docker-compose.yml"
2021-02-11 07:37:02 +00:00
- "{{BaseURL}}/docker-compose.prod.yml"
- "{{BaseURL}}/docker-compose.production.yml"
- "{{BaseURL}}/docker-compose.staging.yml"
- "{{BaseURL}}/docker-compose.dev.yml"
2021-03-09 20:52:45 +00:00
- "{{BaseURL}}/docker-compose-dev.yml"
2021-03-09 20:49:46 +00:00
- "{{BaseURL}}/docker-compose.override.yml"
2021-09-02 11:59:10 +00:00
stop-at-first-match : true
2023-10-14 11:27:55 +00:00
2021-02-10 20:15:57 +00:00
matchers-condition : and
matchers :
- type : dsl
dsl :
2021-03-24 23:28:50 +00:00
- 'regex("^version: ", body) && contains(body, "services:")'
2021-02-10 20:15:57 +00:00
- type : status
status :
- 200
2023-10-20 11:41:13 +00:00
# digest: 480a00453043021f333b19a7793274be32b58a1587b410273667fa68dd13ec5d5df24b6bd8670402201773c6cde0f65ede2be52071a856644ac16db29ca65fa44f29bdd5c1edaff11e:922c64590222798bb761d5b6d8e72950
