High severity · NVD Advisory · Published Jun 1, 2022 · Updated Aug 4, 2024

CVE-2021-34079

Description

OS command injection in Mintzo Docker-Tester through 1.2.1 allows arbitrary command execution via crafted docker-compose.yml ports entry.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Mintzo Docker-Tester versions up to and including 1.2.1 contain an OS command injection vulnerability in the handling of the ports entry within a docker-compose.yml file. The tool does not sanitize shell metacharacters (e.g., ;, |, $()) in the ports field, allowing an attacker to inject arbitrary commands when the file is processed by docker-compose up or similar operations [1][2].

Exploitation

An attacker must supply a crafted docker-compose.yml file to a user or system that runs Docker-Tester. The malicious ports entry, such as "7000:80; echo pwned", is passed unsanitized to a shell command. When Docker-Tester executes docker-compose up or related commands, the injected shell metacharacters cause the attacker's commands to be executed with the privileges of the user running the tool [1][3].

Impact

Successful exploitation allows arbitrary OS command execution on the host system. The attacker can achieve full compromise of the affected environment, including data exfiltration, installation of malware, or lateral movement. The impact is limited only by the permissions of the user running Docker-Tester [1][3].

Mitigation

As of the publication date (2022-06-01), no patched version of Docker-Tester has been released. Users should avoid processing untrusted docker-compose.yml files with this tool. If possible, manually review ports entries for shell metacharacters before use. The project appears to be unmaintained; consider migrating to an alternative testing framework [2][3].
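
The review of ports entries suggested above can be automated with an allowlist check. The JavaScript below is an added example, not code from Docker-Tester or from the advisory; the function names, the accepted port grammar and the sample document are assumptions, and the compose file is assumed to be already parsed into a plain object.

```javascript
// Added example: allowlist validation of docker-compose "ports" entries.
// Accepted form (an assumption, narrower than everything Compose allows):
//   [IP:][HOST_PORT[-END]:]CONTAINER_PORT[-END][/tcp|udp]
const PORT = '\\d{1,5}(?:-\\d{1,5})?';
const IPV4 = '(?:\\d{1,3}\\.){3}\\d{1,3}';
const SHORT_SYNTAX = new RegExp(
  `^(?:(?:${IPV4}:)?(?:${PORT})?:)?${PORT}(?:/(?:tcp|udp))?$`);

// Returns null when the entry is acceptable, otherwise a reason string.
function checkPortEntry(entry) {
  if (typeof entry !== 'string' && !Number.isInteger(entry)) {
    return 'not a short-syntax string or integer';
  }
  const text = String(entry);
  if (!SHORT_SYNTAX.test(text)) return 'does not match port grammar';
  // Drop the optional IP prefix and protocol suffix, then range-check each port.
  const portPart = text.replace(new RegExp(`^${IPV4}:`), '')
    .replace(/\/(?:tcp|udp)$/, '');
  const numbers = portPart.split(/[:-]/).filter(Boolean).map(Number);
  return numbers.every((n) => n >= 1 && n <= 65535) ? null : 'port out of range';
}

// compose: a docker-compose document already parsed into a plain object.
function auditComposePorts(compose) {
  const findings = [];
  for (const [service, def] of Object.entries(compose.services || {})) {
    const ports = (def && def.ports) || [];
    if (!Array.isArray(ports)) {
      findings.push({ service, entry: ports, reason: 'ports is not a list' });
      continue;
    }
    for (const entry of ports) {
      const reason = checkPortEntry(entry);
      if (reason) findings.push({ service, entry, reason });
    }
  }
  return findings;
}

// Constructed sample; the second "web" entry is the string quoted in the advisory.
const sample = {
  services: {
    web: { ports: ['7000:80', '7000:80; echo pwned', '127.0.0.1:8001:8001/tcp'] },
    db: { ports: [5432, '70000:80', { target: 80, published: 8080 }] },
  },
};
console.log(auditComposePorts(sample));
```

Treating any returned finding as a reason to reject the file is the safer default, since the allowlist is intentionally narrower than what Compose itself accepts.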

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: docker-tester (npm)
Affected versions: <= 1.2.1
Patched versions: none listed

Affected products

2

Patches

0

No patches discovered yet.

References

4
