RULE(RULE ID:338440)

Rule General Information
Release Date: 2024-09-24
Rule Name: Dockwatch Remote Command Execution Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Dockwatch is a container management web UI for Docker. By default it runs without authentication, although guidance is available on how to set up credentials for access. Its Commands feature lets a user run docker commands such as inspect, network, and ps. Because the input parameters are not restricted, the container and parameters of the dockerInspect command are vulnerable to command injection. An attacker can exploit the vulnerability to execute any operating system command on the server and obtain server privileges.
Impact: A successful exploit allows an attacker to execute arbitrary commands in the context of the vulnerable software.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to obtain and apply the software patch.