dockerfiles icon indicating copy to clipboard operation
dockerfiles copied to clipboard
verified publisher icon izuolan

Pagekit Docker Image Exposes composer.lock File

Open mbiesiad opened this issue 1 month ago • 0 comments

Hi, first of all - great work with the repo.

Pagekit Docker Image Exposes composer.lock File

Description

The community Pagekit Docker image (pagekit/pagekit on Docker Hub) allows public access to the composer.lock file located in the web root.

Proof of Concept

Screenshot

poc-dockerImage-pageKit-composerLock

Details

  • Affected Docker image: pagekit/pagekit

  • Affected Docker image - link: https://hub.docker.com/r/pagekit/pagekit

CWE:

  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-284: Improper Access Control
  • CWE-285: Improper Authorization
  • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory

References

  • https://github.com/izuolan/dockerfiles/tree/master/pagekit
  • https://hub.docker.com/r/pagekit/pagekit

Best regards,

mbiesiad avatar Dec 01 '25 21:12 mbiesiad