The RedLock CSI team found that many organizations have accidentally shared internal Docker images publicly.
The misconfiguration has led to the exposure of source code and other sensitive information.
Docker Hub repositories let you share images with co-workers, customers, or the Docker community at large. If you’re building your images internally, either on your own Docker daemon, or using your own continuous integration services, you can push them to a Docker Hub repository that you add to your Docker Hub user or organization account.
When creating a repository, the “Visibility” drop-down field controls whether an image is public or private. Many organizations have accidentally left this field set to “public”, exposing source code and other sensitive information to anyone who can pull the image.
Figure 1: The “Visibility” drop-down field makes an image public or private
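As an added example (not part of the RedLock advisory), the audit a defender would want here: list every repository in a Docker Hub namespace and flag those that are public but not on an allowlist of images meant to be public. The endpoint, the `is_private` field and the `Authorization: JWT` header are assumed to match the Docker Hub v2 API; the sample listing below is constructed so the check runs offline.

```python
import json
import urllib.request

# Assumed Docker Hub v2 listing endpoint; "next" in the response pages the results.
HUB_API = "https://hub.docker.com/v2/repositories/{namespace}/?page_size=100"

# Constructed sample response, shaped like a Hub v2 repository listing.
SAMPLE_LISTING = {
    "count": 3,
    "next": None,
    "results": [
        {"namespace": "example-org", "name": "web-frontend", "is_private": False},
        {"namespace": "example-org", "name": "internal-build", "is_private": False},
        {"namespace": "example-org", "name": "billing-service", "is_private": True},
    ],
}


def unexpected_public(results, intended_public=()):
    """Return 'namespace/name' for each public repo that is not on the allowlist.

    A repo with is_private == False is visible to everyone on Docker Hub; any
    such repo that was not deliberately published is a finding.
    """
    allowed = set(intended_public)
    findings = []
    for repo in results:
        full_name = f"{repo['namespace']}/{repo['name']}"
        if not repo.get("is_private", False) and full_name not in allowed:
            findings.append(full_name)
    return findings


def fetch_listing(namespace, token=None):
    """Page through the (assumed) Hub API for one namespace; needs network access.

    Without a token only public repos are returned, which is exactly the view an
    outsider gets. With a JWT from the Hub login endpoint, private ones appear too.
    """
    url = HUB_API.format(namespace=namespace)
    results = []
    while url:
        req = urllib.request.Request(url)
        if token:
            req.add_header("Authorization", f"JWT {token}")  # assumed header form
        with urllib.request.urlopen(req, timeout=30) as resp:
            page = json.load(resp)
        results.extend(page.get("results", []))
        url = page.get("next")
    return results


if __name__ == "__main__":
    # Offline demo on the constructed listing; swap in fetch_listing("your-org")
    # (with a token) to audit a real namespace.
    for finding in unexpected_public(SAMPLE_LISTING["results"], ["example-org/web-frontend"]):
        print(f"PUBLIC, not on allowlist: {finding}")
```

Run the unauthenticated form against your own namespace periodically: it shows precisely what the public sees, so any hit that is not an intentionally published image is a misconfiguration to fix.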
Download a copy of the advisory here.