Docker Downgrade Protocol To Http
Description
Detects curl or wget commands in Dockerfiles that follow HTTP redirects without restricting the redirect target to HTTPS, so a response that redirects from an https:// URL to an http:// URL is silently followed. An attacker who can influence the redirect, or who sits in the path of the resulting plaintext connection, can then read what is sent over the downgraded connection or substitute the downloaded content. The impact is greatest when the download is piped straight into a shell, as in the examples below.
Detection Strategy
• Scans Docker configuration files for curl or wget commands
• Identifies commands that follow redirects: curl with -L/--location; wget, which follows up to 20 redirects by default unless --max-redirect=0 is given
• Reports a vulnerability when such a command has no option that confines redirect targets to HTTPS (curl --proto '=https' or --proto-redir '=https'; wget --https-only)
• Examines each command line individually in the Dockerfile
Vulnerable code example
# Dockerfile with vulnerable download commands that allow unsafe redirects
FROM alpine:3.14
# Vulnerable: -L follows redirects and no --proto/--proto-redir keeps the target on HTTPS
RUN curl -sSf -L https://example.com/install.sh | sh
# Vulnerable: wget follows redirects by default (up to 20) and nothing restricts them to HTTPS
RUN wget --secure-protocol=TLSv1_2 -q -O - https://example.com/setup.sh | sh
Secure code example
FROM alpine:3.14
# Secure: --proto '=https' limits both the request and any redirect target to HTTPS; --tlsv1.2 sets the minimum TLS version
RUN curl --proto '=https' --tlsv1.2 -sSf -L https://example.com/install.sh | sh
# Secure: --https-only refuses non-HTTPS locations; --secure-protocol pins the TLS version
RUN wget --secure-protocol=TLSv1_2 --https-only -q -O - https://example.com/setup.sh | sh
Restricting the scheme only prevents the downgrade. It does not authenticate the script that is piped into sh; verifying a checksum or signature of the downloaded file before executing it is a separate control.