Palo Alto Networks: 117 Docker registries exposed to the public web without authentication controls. Researchers found vulnerable Docker servers hosted 2,956 repositories and 15,887 tags. Researchers used Shodan and Censys search engines to find registries that did not require authentication and accepted the three primary operations supported by a Docker registry. Researchers: 80 allowed downloading an image, 92 allowed unauthorized upload, 92, and seven allowed anyone to delete images. Researchers recommend adding a firewall rule to prevent the registry from being accessible from the public internet.
Source: https://www.bleepingcomputer.com/news/security/misconfigured-docker-registries-expose-orgs-to-critical-risks/

