Shared Volumes Between Containers

  • Query id: 8c978947-0ff6-485c-b0c2-0bfca6026466
  • Query name: Shared Volumes Between Containers
  • Platform: DockerCompose
  • Severity: Info
  • Category: Insecure Configurations
  • CWE: 693
  • URL: Github

Description

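Volumes shared between containers can cause data corruption or can be used to share malicious files between containers: every container that mounts the volume sees what the others write to it, so a compromised or faulty service can affect its neighbours through the shared path.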
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
# Positive sample: expected to be reported by "Shared Volumes Between Containers".
# frontend and backend both bind-mount the same host directory, ./logic.
version: "3"

services:
  frontend:
    build: frontend
    ports:
      - "8000:80"
    # No access mode is given, so the mount is read-write (the Compose default):
    # anything frontend writes under /app is visible to backend.
    volumes:
        - ./logic:/app

  backend:
    build: backend
    expose:
        - 8080
    # Same source (./logic) as frontend; this repeated source is the shared volume.
    # If this service only reads the files, a read-only mount (":ro") limits what
    # it can change. NOTE(review): whether the query still reports a read-only
    # share is not shown on this page.
    volumes:
        - ./logic:/app
Positive test num. 2 - yaml file
# Positive sample: expected to be reported by "Shared Volumes Between Containers".
# The named volume shared-volume is mounted into both app and checker.
version: "3"
services:
  app:
    build: app
    # Published on every host interface (0.0.0.0), host port 80 -> container port 80.
    ports:
      - "0.0.0.0:80:80"
    # Read-write mount (no mode given). Files that land in /app/uploads appear
    # in checker under /uploads.
    # NOTE(review): the path name suggests user-supplied uploads; confirm against the image.
    volumes:
      - shared-volume:/app/uploads
    depends_on:
      - checker

  checker:
    build: checker
    # expose makes 8080 reachable by other services only; it is not published to the host.
    expose:
      - 8080
    # Same named volume as app, also read-write: checker can modify or replace
    # what app stored, and app can do the same to checker's files.
    volumes:
      - shared-volume:/uploads

# Top-level declaration of the named volume, with default settings.
volumes:
  shared-volume:

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
# Negative sample: expected NOT to be reported by "Shared Volumes Between Containers".
# Each service bind-mounts a different host directory, so no volume is shared.
version: "3"

services:
  frontend:
    build: frontend
    ports:
      - "8000:80"
    # Source is ./logic, used by this service only.
    volumes:
        - ./logic:/app

  backend:
    build: backend
    expose:
        - 8080
    # Source is ./bin, not ./logic. Both services use /app as the container
    # path, but that path is local to each container; only the source matters here.
    volumes:
        - ./bin:/app