SYM_CONF_0034 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Incorrect Permission Assignment for Critical Resource
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-732: Incorrect Permission Assignment for Critical Resource |
OWASP | A05:2021 - Security Misconfiguration |
Confidence Level | Low |
Impact Level | High |
Likelihood Level | Low |
Description
The service is missing the 'no-new-privileges:true' option in its 'security_opt' settings, which means processes inside the container could gain extra privileges using setuid or setgid binaries. This makes it easier for attackers to escalate their access within the container.
Impact
If exploited, an attacker could gain higher privileges inside the container, potentially allowing them to access sensitive data, alter system files, or compromise other services. This increases the risk of a full container breakout or lateral movement within your infrastructure.
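A check for the condition in the Description, written here as an added example and not the rule's own implementation. It assumes the input is the JSON printed by `docker compose config --format json`; the sample services and the function names are constructed for illustration.

```python
import json
import re

# Constructed sample in the shape of `docker compose config --format json`.
SAMPLE = json.loads("""
{"services": {
  "web":    {"image": "example/web",    "security_opt": ["no-new-privileges:true"]},
  "worker": {"image": "example/worker", "security_opt": ["label:disable", "no-new-privileges=true"]},
  "api":    {"image": "example/api",    "security_opt": ["no-new-privileges"]},
  "db":     {"image": "example/db",     "security_opt": ["no-new-privileges:false"]},
  "cache":  {"image": "example/cache",  "security_opt": ["seccomp:unconfined"]},
  "batch":  {"image": "example/batch"}
}}
""")


def sets_no_new_privileges(opt):
    """Return True if one security_opt entry enables no-new-privileges.

    Accepts the bare flag and both the ':' and '=' separators. Any value
    other than "true" (case-insensitive) is treated as not enabled, so an
    explicit "no-new-privileges:false" is reported like a missing option.
    """
    parts = re.split(r"[:=]", opt.strip(), maxsplit=1)
    if parts[0] != "no-new-privileges":
        return False
    return len(parts) == 1 or parts[1].strip().lower() == "true"


def services_missing_flag(compose):
    """Return sorted names of services whose security_opt does not enable the flag."""
    missing = []
    for name, svc in sorted(compose.get("services", {}).items()):
        opts = svc.get("security_opt") or []  # key absent or null both count as unset
        if not any(sets_no_new_privileges(o) for o in opts):
            missing.append(name)
    return missing


if __name__ == "__main__":
    for name in services_missing_flag(SAMPLE):
        print(f"{name}: security_opt does not set no-new-privileges:true")
```

Services reported by the check are brought into line by adding `no-new-privileges:true` to their `security_opt` list.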