Uncovering Threats in Container Systems: A Study on Misconfigured Container Components in the Wild

  • Dongmin Choi
  • Hyunmin Seo
  • Kwanwoo Kim
  • Myoungsung You
  • Seungwon Shin
  • Jinwoo Kim

Research output: Contribution to journal › Article › peer-review

4 Scopus citations

Abstract

The increasing popularity of cloud computing has led to a significant rise in the use of container technology. Docker and Kubernetes have emerged as the de facto standards for container orchestration frameworks due to their reliability, flexibility, and ease of operation, supported by scalable, HTTP-based interfaces. Given the critical nature of infrastructure systems, container components within such orchestration frameworks should adhere to strict security levels. However, administrative misconfigurations can introduce serious vulnerabilities, exposing security-critical container components to external networks and allowing adversaries to discover and exploit them as attack vectors. In this paper, we investigate the security threats posed by misconfigured container components (MCC) that are exposed to the Internet. Through an Internet-scale measurement, we identify a total of 1,003,947 MCCs, with the majority operating under default configurations and outdated software versions. Our analysis reveals that renowned institutes, governments, and enterprises are operating exposed MCCs, suggesting significant security risks. In addition, we conduct a real-world experiment within a multi-branch campus network, scanning 150,235 IP addresses to uncover actual vulnerabilities in MCCs. We identify five distinct vulnerabilities that either leak sensitive information or allow remote code execution, demonstrating the real-world feasibility and potential impact of exploiting these misconfigured container components.

Original language: English
Pages (from-to): 192931-192945
Number of pages: 15
Journal: IEEE Access
Volume: 12
State: Published - 2024

Keywords

  • Cloud computing security
  • internet security
  • network security
