SYM_CONF_0005 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Execution with Unnecessary Privileges
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-250: Execution with Unnecessary Privileges |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The container definition is missing a security context specifying that it must run as a non-root user. This means the container could run processes with root privileges inside, increasing the risk of security breaches.
Impact
If an attacker exploits a vulnerability in the application, they could gain root access within the container, allowing them to modify system files, escalate privileges, or attempt to break out of the container and compromise the host or other services.