Lack of Integrity Check

When a container image that is externally sourced is not pinned to their SHA hash, malicious modification of the image can go undetected. For example, an adversary can modify the image with backdoor and the backdoor gets executed as there is no integrity check of the container image.

Remediation

Use SHA hash to pin to the desired version of the container image. This is the only way to always reference the immutability version of the image.

Metadata

Severity: low
Slug: lack-of-integrity-check

CWEs

1357: Reliance on Insufficiently Trustworthy Component
494: Download of Code Without Integrity Check

OWASP

A06:2021: Vulnerable and Outdated Components
A08:2021: Software and Data Integrity Failures

Available Labs

Open Container labs in SecDim Play for this vulnerability.

trivial

Privileged.df

Other Trivial Container

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.