The most popular images on Docker Hub are official / library images, they are curated and monitored by Docker for best practices and security vulnerabilities. I’m not saying that means you should trust them completely, it’s always best practice to read the source of an image before you use it.
This doesn’t mean that YOUR secrets are exposed by using the image, btw - this means that whomever built that image would be accidentally exposing their secrets.
Unless you built the image and added your secrets to it and then uploaded it to a public Docker registry. But again, that’s not a flaw in Docker.
How can you be sure it doesn’t affect popular images? The probability may be lower, but I don’t think you can rule it out.
The most popular images on Docker Hub are official / library images, they are curated and monitored by Docker for best practices and security vulnerabilities. I’m not saying that means you should trust them completely, it’s always best practice to read the source of an image before you use it.
This doesn’t mean that YOUR secrets are exposed by using the image, btw - this means that whomever built that image would be accidentally exposing their secrets.
Unless you built the image and added your secrets to it and then uploaded it to a public Docker registry. But again, that’s not a flaw in Docker.