It has been reported that a old vulnerability in Alpine Linux containers has spread and propagated to as much as 20% of the containers on the Docker Store.Nearly one in five of the most popular containers available on the Docker store have no password for root access.The finding is important because containers, most frequently with Docker as the container manager, are becoming popular for deploying virtualized applications.
Gavin Millard, VP of Intelligence at Tenable:
“The discovery of an old vulnerability in Alpine Linux containers being present on the Docker Store is not at all surprising. Last year, Tenable’s Research Team assessed 6000 of the most popular images and found many had major vulnerabilities present. In fact, the average amount of vulnerabilities on the latest official container images was nearly 16 and on community images it was over 38. Some even contained well-known issues, such as Heartbleed, ImageTragick and ShellShock.
“When working with containers it’s important that the vulnerability state of the image is assessed at the time of build within the CI/CD [continuous integration/continuous delivery] pipeline.”