Docker Insecure Cleartext Protocol
Description
Detects use of insecure cleartext protocols (HTTP, FTP) in Docker RUN instructions that download resources with curl. Fetching over an unencrypted protocol during a container build exposes the download to man-in-the-middle attacks: an attacker on the network path can read or replace the dependency, and the tampered artifact is then baked into the image.
Detection Strategy
• Scan each line in Dockerfile for RUN instructions
• Look for curl commands that use http:// or ftp:// URLs
• Report a vulnerability if the curl command uses a cleartext protocol instead of a secure alternative (https://, ftps:// or sftp://)
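The strategy above as a runnable check, written for this page as an added example (it is not Fluid Attacks' scanner). It goes slightly beyond the bullet list: it joins backslash-continued RUN instructions into one logical command, splits chained commands on `&&`, `||`, `;` and `|`, and only inspects commands whose program is curl, so a non-RUN instruction or a non-curl tool with the same URL is not reported. The Dockerfile it scans is constructed inline for the example.

```python
import re
from typing import Iterator, List, Tuple

# Constructed sample Dockerfile (not taken from the original page). It mixes a
# plain RUN, a backslash-continued RUN with a chained curl, two safe RUNs and a
# non-RUN instruction that carries a cleartext URL and must be ignored.
SAMPLE_DOCKERFILE = """\
FROM debian:bookworm-slim
# Vulnerable: cleartext HTTP download
RUN curl http://www.example.com/
# Vulnerable: cleartext FTP download hidden behind a line continuation
RUN apt-get update && \\
    curl -fsSL ftp://www.example.com/test -o /tmp/test
# Safe: TLS-protected downloads
RUN curl https://www.example.com/
RUN curl ftps://www.example.com/test
# Not a RUN instruction: must not be reported
ENV DOWNLOAD_URL=http://www.example.com/ignored
"""

# Matches only the cleartext schemes; "https://" and "ftps://" do not match
# because the colon must follow "http" / "ftp" directly.
CLEARTEXT_SCHEME = re.compile(r"^(?:http|ftp)://", re.IGNORECASE)

# Shell operators that separate commands inside one RUN instruction.
COMMAND_SEPARATOR = re.compile(r"\s*(?:&&|\|\||;|\|)\s*")


def iter_run_instructions(dockerfile: str) -> Iterator[Tuple[int, str]]:
    """Yield (line_number, command) for every RUN instruction.

    Backslash continuations are joined so that a curl hidden on a continued
    line is attributed to the RUN instruction that starts it.
    """
    lines = dockerfile.splitlines()
    i = 0
    while i < len(lines):
        stripped = lines[i].strip()
        start = i + 1  # 1-based line number of the RUN keyword
        if stripped.upper().startswith("RUN "):
            body = stripped[4:].strip()
            while body.endswith("\\") and i + 1 < len(lines):
                i += 1
                body = body[:-1].rstrip() + " " + lines[i].strip()
            yield start, body
        i += 1


def find_cleartext_curl(dockerfile: str) -> List[Tuple[int, str]]:
    """Return (line_number, url) for each curl argument using http:// or ftp://."""
    findings: List[Tuple[int, str]] = []
    for lineno, body in iter_run_instructions(dockerfile):
        for command in COMMAND_SEPARATOR.split(body):
            tokens = command.split()
            # Only curl invocations are in scope for this check.
            if not tokens or tokens[0] != "curl":
                continue
            for token in tokens[1:]:
                if CLEARTEXT_SCHEME.match(token):
                    findings.append((lineno, token))
    return findings


if __name__ == "__main__":
    for lineno, url in find_cleartext_curl(SAMPLE_DOCKERFILE):
        print(f"Dockerfile:{lineno}: curl downloads over cleartext protocol: {url}")
```

Running the block reports lines 3 and 5 of the sample and stays silent on the https://, ftps:// and ENV lines. To scan a real file, replace `SAMPLE_DOCKERFILE` with the file's contents read from disk.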
Vulnerable code example
# Dockerfile with insecure protocol usage
# Vulnerable: Uses insecure HTTP protocol without TLS encryption
RUN curl http://www.example.com/
# Vulnerable: Uses insecure FTP protocol which transmits data in cleartext
RUN curl ftp://www.example.com/test
✅ Secure code example
# Dockerfile with secure protocol usage
# Safe: Uses HTTPS protocol for encrypted data transmission
RUN curl https://www.example.com/ # Uses TLS encryption for secure data transfer (do not pair with -k/--insecure, which disables certificate verification)
# Safe: Uses FTPS protocol for encrypted file transfer
RUN curl ftps://www.example.com/test # Encrypts data during file transfer