More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys.
The secrets impact a little over 100 organizations, among them are a Fortune 500 company and a major national bank.
Docker Hub is the largest container registry where developers upload, host, share, and distribute ready-to-use Docker images that contain everything necessary to run an application.
Developers typically use Docker images to streamline the entire software development and deployment lifecycle. However, as past studies have shown, carelessness in creating these images can result in exposing secrets that remain valid for extended periods.
After scanning container images uploaded to Docker Hub in November, security researchers at threat intelligence company Flare found that 10,456 of them exposed one or more keys.
The most frequent secrets were access tokens for various AI models (OpenAI, HuggingFace, Anthropic, Gemini, Groq). In total, the researchers found 4,000 such keys.
When examining the scanned images, the researchers discovered that 42% of them exposed at least five sensitive values.
"These multi-secret exposures represent critical risks, as they often provide full access to cloud environments, Git repositories, CI/CD systems, payment integrations, and other core infrastructure components," Flare notes in a report today.
Size of secret exposure
Source: Flare
... continue reading