Docker Run With Network Host
Description
Detects Docker containers configured to use host network mode (--network=host), which gives containers unrestricted access to the host's network stack. This significantly reduces container isolation and can expose host services to compromise if the container is breached.
Detection Strategy
• Searches Dockerfile content for lines that start with 'RUN'
• Identifies lines containing the parameter '--network=host'
• Reports a vulnerability when Docker containers are configured to use host networking mode
• Each matching line in the Dockerfile is reported as a separate vulnerability instance
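As an added illustration of the strategy above (not Fluid Attacks' own implementation), a small Python checker over a constructed Dockerfile; it also joins backslash-continued RUN instructions and skips comment lines so that a line-start rule neither misses a continued instruction nor flags commented-out text.

```python
import re
from dataclasses import dataclass

# Constructed sample Dockerfile (not from the original page). It covers a
# flagged RUN, a commented-out line that must be ignored, a RUN continued
# with a backslash, and a RUN using --network=none that must not be flagged.
SAMPLE_DOCKERFILE = """\
FROM ubuntu:20.04
# RUN --network=host echo comments are not instructions
RUN --network=host wget -O /tmp/data http://localhost:8080/data
RUN --mount=type=cache,target=/var/cache/apt \\
    --network=host apt-get update
run --network=none echo safe
WORKDIR /app
"""

@dataclass(frozen=True)
class Finding:
    line: int         # 1-based line where the RUN instruction starts
    instruction: str  # the complete (joined) RUN instruction

# Whole-token match so e.g. --network=hostname is not mistaken for host mode
HOST_NETWORK = re.compile(r"(?<!\S)--network=host(?!\S)")

def find_host_network_runs(dockerfile: str) -> list[Finding]:
    """Return one Finding per RUN instruction that sets --network=host."""
    findings: list[Finding] = []
    lines = dockerfile.splitlines()
    i = 0
    while i < len(lines):
        start = i
        logical = lines[i].rstrip()
        # Dockerfile instructions may span physical lines via a trailing backslash
        while logical.endswith("\\") and i + 1 < len(lines):
            i += 1
            logical = logical[:-1].rstrip() + " " + lines[i].strip()
        i += 1
        stripped = logical.lstrip()
        if stripped.startswith("#"):
            continue  # comment line, never an instruction
        # instruction names are case-insensitive in Dockerfiles
        if stripped.upper().startswith("RUN ") and HOST_NETWORK.search(stripped):
            findings.append(Finding(start + 1, stripped))
    return findings

if __name__ == "__main__":
    for f in find_host_network_runs(SAMPLE_DOCKERFILE):
        print(f"line {f.line}: {f.instruction}")
```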
Vulnerable code example
FROM ubuntu:20.04
# Vulnerable: --network=host gives container full access to host network stack
RUN --network=host wget -O /tmp/data http://localhost:8080/data
WORKDIR /app
Secure code example
FROM ubuntu:20.04
# Use --network=none to isolate container network access during build
RUN --network=none wget -O /tmp/data http://localhost:8080/data
WORKDIR /app