Docker version is up to date

docker

Classification: compliance

Framework: cis-docker

Control: 1.1.2

Set up the docker integration.

Description

Docker issues frequent releases that address security vulnerabilities, resolve product bugs, and bring in new functionality. You should keep track of these product updates and upgrade as frequently as possible, in line with the general IT security policy of your organization.

Rationale

By staying up to date on Docker updates, you can mitigate vulnerabilities in the software. An experienced attacker may be able to exploit known vulnerabilities to gain inappropriate access or elevate their privileges. If you do not ensure that Docker is running at the most current release consistent with the requirements of your application, you may introduce unwanted behavior. It is therefore important to monitor software versions and upgrade in a timely fashion.

Audit

Execute the command below to verify that the Docker version is up-to-date in line with the requirements of the application you are running. It is not a security requirement to be at the most up-to-date version, provided the version you are using does not contain critical or high-security vulnerabilities.

docker version
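
One way to turn this audit into a repeatable check, as an added example that is not part of the original control text: a shell function that compares the Engine version reported by `docker version` with the lowest release your organization has approved. `MIN_APPROVED`, its `24.0.0` value and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. MIN_APPROVED is a constructed placeholder, not a recommended
# release: set it to the lowest version your own risk assessment accepts.
MIN_APPROVED="${MIN_APPROVED:-24.0.0}"

# Strip a leading "v" and any build suffix ("20.10.7-ce", "24.0.7+dfsg1").
normalize_version() {
    printf '%s\n' "$1" | sed -e 's/^v//' -e 's/[-+~].*$//'
}

# version_at_least CURRENT MINIMUM
# Returns 0 if CURRENT >= MINIMUM, 1 if older, 2 if CURRENT is not a version.
# Assumes a sort(1) that supports -V (GNU coreutils, BusyBox).
version_at_least() {
    cur=$(normalize_version "$1")
    min=$(normalize_version "$2")
    case "$cur" in
        ''|*[!0-9.]*) return 2 ;;   # e.g. empty output: daemon unreachable
    esac
    if [ "$cur" = "$min" ]; then return 0; fi
    lowest=$(printf '%s\n%s\n' "$cur" "$min" | sort -V | head -n 1)
    [ "$lowest" = "$min" ]
}

# audit_docker_version [VERSION]
# With no argument, asks the local daemon for its Engine (server) version.
audit_docker_version() {
    ver="${1:-}"
    if [ -z "$ver" ]; then
        ver=$(docker version --format '{{.Server.Version}}' 2>/dev/null || true)
    fi
    version_at_least "$ver" "$MIN_APPROVED" && rc=0 || rc=$?
    case "$rc" in
        0) echo "PASS: Docker Engine $ver >= $MIN_APPROVED" ;;
        1) echo "FAIL: Docker Engine $ver < $MIN_APPROVED" ;;
        *) echo "ERROR: could not determine the Docker Engine version" ;;
    esac
    return "$rc"
}

# Usage: audit_docker_version            (query the local daemon)
#        audit_docker_version 20.10.21   (check a version collected elsewhere)
```

The comparison is numeric per component, so `24.10.0` is treated as newer than `24.9.0`; a passing result only means the version meets your baseline, not that it is free of disclosed vulnerabilities.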

Remediation

You should monitor versions of Docker releases and make sure your software is updated as required.

Impact

You should perform a risk assessment regarding Docker version updates and review how they may impact your operations. You should be aware that third-party products that use Docker may require older major versions of Docker to be supported, and this should be reviewed in line with the general IT security policy of your organization, particularly where security vulnerabilities in older versions have been publicly disclosed.

Default value

Not Applicable

References

  1. https://docs.docker.com/engine/installation/
  2. https://github.com/moby/moby/releases/latest
  3. https://github.com/docker/docker-ce/releases/latest

CIS controls

Version 6.4 Continuous Vulnerability Assessment and Remediation