Problem
If DockDash is started on 0.0.0.0 and Shell/exec is enabled, any user with network access can open a shell in containers without any authentication. This risk is especially high on open LANs or if the UI is reverse-proxied to WAN.
Impact
- Remote code execution is exposed to all users without restriction.
Recommendation
- Implement at least a shared token, HTTP basic auth, or session-based authentication for Shell/exec endpoints (both REST & WebSocket).
- When Shell is enabled on LAN/WAN, require authentication by default.
- Document secure deployment recommendations to help users avoid accidental exposure.
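One way to implement the shared-token option and the "require authentication by default" rule, as an added example (not DockDash's own code and not part of the original report). The function names, the `Bearer` header scheme and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net"
	"net/http"
	"strings"
)

// isLoopbackBind: true only for local-only listen addresses; "0.0.0.0:8080" and ":8080" are not.
func isLoopbackBind(addr string) bool {
	host, _, err := net.SplitHostPort(addr)
	ip := net.ParseIP(host)
	return err == nil && (host == "localhost" || (ip != nil && ip.IsLoopback()))
}

// checkExecConfig fails startup when shell/exec would be reachable off-host without a token.
func checkExecConfig(addr string, shellEnabled bool, token string) error {
	if shellEnabled && token == "" && !isLoopbackBind(addr) {
		return fmt.Errorf("shell/exec on non-loopback address %q requires a token", addr)
	}
	return nil
}

// bearerOK hashes both sides so the constant-time compare sees equal-length inputs.
func bearerOK(authHeader, token string) bool {
	presented, found := strings.CutPrefix(authHeader, "Bearer ")
	got, want := sha256.Sum256([]byte(presented)), sha256.Sum256([]byte(token))
	return found && token != "" && subtle.ConstantTimeCompare(got[:], want[:]) == 1
}

// requireToken wraps an exec route; the WebSocket handshake is an HTTP GET,
// so the same wrapper covers both REST and WebSocket endpoints.
func requireToken(token string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !bearerOK(r.Header.Get("Authorization"), token) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed settings matching the exposure described above: prints the startup error.
	fmt.Println(checkExecConfig("0.0.0.0:8080", true, ""))
}
```

Browser WebSocket clients cannot set an `Authorization` header, so a browser-based UI would need the session-based option from the recommendation for the WebSocket route.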