
Zombie Layers in Docker: Remote Data Continues to Threaten Privacy

luan

A study by GitGuardian has uncovered a new threat to the world of information security related to Docker technology. Even after Docker images are deleted, their components, so-called “zombie layers,” can continue to exist in registries, remaining a potential source of confidential information leaks. This phenomenon has been detected in platforms such as Amazon Web Services ECR, DockerHub, GitHub Packages, and Quay.io.
“Zombie layers” are remnants of data that continue to be stored in the registry for weeks and months, even after the Docker images associated with them have been deleted. This becomes especially dangerous when the deleted layers contain sensitive data, such as passwords, access tokens, or private keys.
As part of the study, an experimental test was conducted in which the researchers downloaded and then modified a Docker image, deleting the layer with confidential information. The test showed that the deleted layer continued to exist in the registry and was available for download. This confirmed that registries do not always immediately remove unused layers, which creates serious security risks.
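
An added example (not from the GitGuardian study or the original post): a defender-side check that lists the layer digests dropped between an image's old and current manifests and asks the registry whether each blob is still served. The registry host, repository name, digests and the `blob_exists` hook are assumptions; the blob path follows the Registry HTTP API V2.

```python
import urllib.error
import urllib.request

# Constructed manifests in Docker image manifest v2 shape; digests are made up.
BASE = "sha256:" + "a" * 64
SECRET = "sha256:" + "b" * 64   # layer that contained a credential
APP = "sha256:" + "c" * 64
OLD_MANIFEST = {"layers": [{"digest": BASE}, {"digest": SECRET}, {"digest": APP}]}
NEW_MANIFEST = {"layers": [{"digest": BASE}, {"digest": APP}]}


def layer_digests(manifest):
    return [layer["digest"] for layer in manifest.get("layers", [])]


def orphaned_layers(old_manifest, current_manifests):
    """Digests the old image used that no current manifest references."""
    live = {d for m in current_manifests for d in layer_digests(m)}
    return [d for d in layer_digests(old_manifest) if d not in live]


def blob_url(registry, repo, digest):
    return f"https://{registry}/v2/{repo}/blobs/{digest}"


def head_blob(url, token=None):
    """True if the registry still serves the blob (HTTP 200 on HEAD)."""
    req = urllib.request.Request(url, method="HEAD")
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status == 200
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return False
        raise  # 401/403/5xx: unknown state, do not report as clean


def find_zombies(registry, repo, old_manifest, current_manifests, blob_exists=head_blob):
    """Orphaned layers that are still downloadable, i.e. zombie layers."""
    return [d for d in orphaned_layers(old_manifest, current_manifests)
            if blob_exists(blob_url(registry, repo, d))]


if __name__ == "__main__":
    # registry.example.test and team/app are placeholders; the stub avoids network access.
    stub = lambda url: True
    print(find_zombies("registry.example.test", "team/app", OLD_MANIFEST, [NEW_MANIFEST], stub))
```

A digest returned by `find_zombies` means the credential in that layer should be treated as exposed and rotated, regardless of the image having been deleted.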
 
