SYM_CONF_0009 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Execution with Unnecessary Privileges
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-250: Execution with Unnecessary Privileges |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Low |
Description
Mounting the host's Docker socket (/var/run/docker.sock) into a container gives that container full control over the Docker daemon. This effectively grants root-level access to your host system from within the container.
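A check for the mount described above, written as an added example (it is not this rule's own implementation). It covers `docker run` volume flags and the `volumes` entries of a Compose `services` map that is assumed to be already parsed into Python dicts; all function names and sample inputs are hypothetical.

```python
import posixpath
import shlex

# /run/docker.sock assumes /var/run is a symlink to /run (most current distros).
SOCKET_PATHS = {"/var/run/docker.sock", "/run/docker.sock"}
MOUNT_FLAGS = ("-v", "--volume", "--mount")

def mount_source(spec):
    """Host-side source of one volume spec, or None if it has none."""
    if isinstance(spec, dict):                     # Compose long syntax
        return spec.get("source")
    if "=" in spec.split(":", 1)[0]:               # --mount key=value,... form
        fields = dict(f.split("=", 1) for f in spec.split(",") if "=" in f)
        return fields.get("source") or fields.get("src")
    parts = spec.split(":")                        # short form SRC:DST[:OPTS]
    return parts[0] if len(parts) >= 2 else None

def is_socket_mount(spec):
    src = mount_source(spec)
    return bool(src) and posixpath.normpath(src) in SOCKET_PATHS

def flag_docker_run(cmdline):
    """Return the volume specs in a `docker run` line that mount the socket."""
    args, specs = shlex.split(cmdline), []
    for i, arg in enumerate(args):
        flag, sep, value = arg.partition("=")
        if flag in MOUNT_FLAGS and sep:                  # --volume=SPEC
            specs.append(value)
        elif arg in MOUNT_FLAGS and i + 1 < len(args):   # -v SPEC
            specs.append(args[i + 1])
    return [s for s in specs if is_socket_mount(s)]

def flag_compose(services):
    """Return names of services (parsed Compose `services` map) that mount it."""
    return [name for name, svc in services.items()
            if any(is_socket_mount(v) for v in svc.get("volumes", []))]

# Constructed samples. ':ro' on the socket does not restrict API calls over it.
RUN_BAD = "docker run -d -v /var/run/docker.sock:/var/run/docker.sock:ro ci-agent"
RUN_MOUNT = "docker run --mount type=bind,src=/var/run//docker.sock,dst=/d.sock ci-agent"
RUN_OK = "docker run -d -v appdata:/var/lib/app -e MODE=prod ci-agent"
SERVICES = {
    "web": {"volumes": ["./site:/usr/share/nginx/html:ro"]},
    "agent": {"volumes": [{"type": "bind", "source": "/run/docker.sock",
                           "target": "/var/run/docker.sock"}]},
}

if __name__ == "__main__":
    print(flag_docker_run(RUN_BAD), flag_docker_run(RUN_OK), flag_compose(SERVICES))
```

The check matches only the exact socket paths listed in `SOCKET_PATHS`; a socket relocated by daemon configuration would need its path added there.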
Impact
If exploited, an attacker with access to the container could execute commands as root on the host, deploy or remove containers, access sensitive host files, or take over the entire host machine. This exposes your infrastructure to severe compromise and data breaches.