The method whereby the CyberArk researchers gained access was detailed in a blog post on Monday. The playground or test site, known as Play-with-Docker, allows anyone to experience what Docker can offer without having to do any installation or configuration.
Docker performs operating-system-level virtualisation and differs from regular virtual machines in that it does not require a full copy of the Linux kernel for every single instance, but uses the same kernel code.
Nimrod Stoler, the main researcher involved, told iTWire that the difference between Play-with-Docker and other production sites running Docker lay in the application.
"Most applications would run just fine inside a Docker default container, but with some applications, the default Docker container is just not enough, and more privileges are required to have the application run properly."
Stoler said: "The privileges required by an application, could be, for example, more RAM, more processing power, more disk space, access to different devices (e.g. USB camera, audio devices or a disk-on-key) or an application may require specific Linux capabilities to function properly, which generally means access to more kernel functions than the default container allows.
"In all of these cases, the default Docker container is just not enough, and developers turn to a more ‘privileged’ setup to accommodate the application requirements."
He said with in the case of Play-with-Docker, the application required more privileges, and the Play-with-Docker developers had provided those privileges for the container but had not secured the environment properly, and left some entry points.
"To summarise: Play-with-Docker is running a privileged Docker container on the Internet, in what could be regarded as a production site. However, they did not secure their containers and environment properly, which allowed us to hack into it and escape to the underlying hosts," Stoler added.
CyberArk's said it had reported its findings to Docker and the Play-with-Docker maintainers and the application was secured by them.