TF 0173 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Container images from public registries used
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
Description
Container images are being pulled from public registries or lack a specified registry, exposing deployments to untrusted or potentially malicious images. Using public sources bypasses organizational control over image authenticity and updates.
Impact
Attackers could compromise containers by introducing malicious images or tampered software, leading to unauthorized access, data breaches, or service disruption. Reliance on public registries increases the risk of supply chain attacks and reduces visibility into image provenance.
Resolution
Use images from private registries.
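
One way to enforce this in CI is to check every image reference against an allow-list of private registries. The following is an added example, not part of this rule or the project's code; the registry host `registry.example.internal`, the function names, and the sample image list are assumptions constructed for illustration.

```python
# Added example: flag image references that name no registry or an unapproved one.
# ALLOWED_REGISTRIES is an assumption; replace it with your organization's registries.
ALLOWED_REGISTRIES = {"registry.example.internal", "registry.example.internal:5000"}


def split_registry(image_ref):
    """Return (registry or None, remainder).

    Follows the Docker reference convention: the first path component is a
    registry host only if it contains '.' or ':' or is exactly 'localhost'.
    """
    name = image_ref.split("@", 1)[0]          # drop any @sha256:... digest
    first, sep, rest = name.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower(), rest
    return None, name                           # e.g. "nginx:1.25", "library/nginx"


def check_image(image_ref, allowed=ALLOWED_REGISTRIES):
    """Classify one image reference as 'ok', 'no-registry' or 'untrusted-registry'."""
    registry, _ = split_registry(image_ref)
    if registry is None:
        # Resolves to the runtime's default registry (Docker Hub for Docker).
        return "no-registry"
    if registry not in allowed:
        return "untrusted-registry"
    return "ok"


def audit(images, allowed=ALLOWED_REGISTRIES):
    """Return {image: finding} for every reference that is not 'ok'."""
    results = {img: check_image(img, allowed) for img in images}
    return {img: res for img, res in results.items() if res != "ok"}


# Constructed sample input, e.g. image fields extracted from deployment manifests.
SAMPLE_IMAGES = [
    "nginx:1.25",
    "library/redis",
    "docker.io/library/postgres:16",
    "ghcr.io/example-org/app:v1",
    "registry.example.internal/team/api:1.4.2",
    "registry.example.internal:5000/team/worker@sha256:" + "0" * 64,
]

if __name__ == "__main__":
    for image, finding in audit(SAMPLE_IMAGES).items():
        print(f"{finding:20} {image}")
```
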