Dockerfile sets YUM configuration to disable SSL verification

Description

Using the command `yum-config-manager --save --setopt=sslverify=false` in Dockerfiles is insecure. This command configures YUM (Yellowdog Updater Modified) to bypass SSL certificate verification when interacting with repositories.

Disabling SSL verification for YUM can put the container and its underlying applications at risk of man-in-the-middle (MitM) attacks. In such scenarios, unauthorized individuals can intercept, modify, or listen in on the traffic between the YUM package manager and the repository servers. This can lead to the installation of malicious or compromised packages, introducing vulnerabilities into the Docker image.

Code Example

```dockerfile
- RUN yum-config-manager --save --setopt=sslverify=false
+ RUN yum-config-manager --save --setopt=sslverify=true
```
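A small scanner for this rule, added here as an example and not the project's own Checkov implementation. It joins backslash-continued `RUN` instructions and reports the ones that call `yum-config-manager` with `sslverify` set to false; as an assumption of my own it also accepts the other boolean spellings YUM reads as false (`0`, `no`, `off`) and the space-separated `--setopt sslverify=...` form, which goes beyond the single command quoted above.

```python
import re

# A yum-config-manager call that turns off TLS verification. The page's flagged
# form is "--setopt=sslverify=false"; the extra spellings (0/no/off) and the
# "--setopt sslverify=..." form are my assumption about YUM's boolean parsing,
# not the exact logic of CKV2_DOCKER_15. "[^&|;]*?" keeps the match inside one
# command of an "a && b" chain.
DISABLE_SSLVERIFY = re.compile(
    r"yum-config-manager\b[^&|;]*?--setopt[= ]\s*sslverify\s*=\s*(?:false|0|no|off)\b",
    re.IGNORECASE,
)

# Constructed sample Dockerfile: line 3-4 is the insecure RUN, line 5 the fix.
SAMPLE_DOCKERFILE = """\
FROM centos:7
# constructed sample: one insecure RUN, one hardened RUN
RUN yum install -y yum-utils && \\
    yum-config-manager --save --setopt=sslverify=false
RUN yum-config-manager --save --setopt=sslverify=true
RUN yum -y install httpd
"""


def run_instructions(dockerfile_text):
    """Yield (start_line, args) for each RUN instruction, with continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(dockerfile_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never end an instruction
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        match = re.match(r"RUN\s+(.*)", buf, re.IGNORECASE | re.DOTALL)
        if match:
            yield start, match.group(1).strip()
        buf, start = "", None


def find_sslverify_disabled(dockerfile_text):
    """Return the starting line numbers of RUN instructions that disable sslverify."""
    return [
        no for no, args in run_instructions(dockerfile_text)
        if DISABLE_SSLVERIFY.search(args)
    ]


if __name__ == "__main__":
    for no in find_sslverify_disabled(SAMPLE_DOCKERFILE):
        print(f"line {no}: yum-config-manager disables sslverify (IAC-0859)")
```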

Remediation

Docker

Rule Details

| Field | Value |
| --- | --- |
| ID | IAC-0859 |
| Severity | HIGH |
| IaC Type | dockerfile |
| Frameworks | Docker |
| Checkov ID | CKV2_DOCKER_15 |
