Is this host vulnerable to privilege escalation through an unprotected Docker daemon?

/static/assets/linux-logo.svg
Utilizing Docker via unprotected tcp socket (2375/tcp, maybe 2376/tcp with tls but without tls-auth), an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container and use chroot to escape the container-jail. This TTP mounts the hosts root directory inside the container's /mnt directory and runs schism as root on the host machine.
locked
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.

Login

Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
Is my Docker daemon vulnerable to privilege escalation?

2022-11-15

/static/assets/linux-logo.svg
Privilege escalation through exposed Docker daemon.