SYM_CONF_0038 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The service is configured to disable seccomp confinement by setting 'seccomp:unconfined', which removes important security restrictions on what system calls the container can make. This exposes the container to a wider range of potential attacks.
Impact
Disabling seccomp allows attackers to exploit vulnerabilities in the application or container runtime to perform unauthorized actions, such as breaking out of the container, accessing the host system, or escalating privileges. This significantly increases the risk of compromise to both the application and the underlying server.
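A check for the setting described above, as an added example that is not part of the Symbiotic rule itself. It assumes the finding refers to the `security_opt` list of a Docker Compose service written in block style; the sample file, service names and function name are constructed for illustration. Removing the flagged entry leaves the container on the runtime's default seccomp profile.

```python
import re

# Constructed sample Compose file (not from the wiki page): "web" disables
# seccomp, "worker" keeps the runtime default, "api" pins a custom profile.
SAMPLE_COMPOSE = """\
services:
  web:
    image: example/web:1.0
    security_opt:
      - seccomp:unconfined
  worker:
    image: example/worker:1.0
  api:
    image: example/api:1.0
    security_opt:
      - "seccomp=./profiles/api.json"
      - no-new-privileges:true
"""

# Docker accepts both "seccomp:unconfined" and "seccomp=unconfined".
UNCONFINED = re.compile(r"seccomp\s*[:=]\s*unconfined\b", re.IGNORECASE)


def find_unconfined_services(compose_text):
    """Return (service, line_number) pairs whose security_opt disables seccomp."""
    findings, service, svc_indent = [], None, None
    in_services = in_opts = False
    for number, raw in enumerate(compose_text.splitlines(), 1):
        line = raw.split(" #")[0].rstrip()      # drop trailing comments
        text = line.strip()
        if not text or text.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:                          # a new top-level key starts
            in_services, in_opts, svc_indent = text == "services:", False, None
            continue
        if not in_services:
            continue
        if svc_indent is None:
            svc_indent = indent                  # first child fixes service depth
        if indent == svc_indent:
            service, in_opts = text.rstrip(":"), False
        elif text.startswith("security_opt:") or (in_opts and text.startswith("-")):
            in_opts = True                       # covers inline [..] and "- item" forms
            if UNCONFINED.search(text):
                findings.append((service, number))
        else:
            in_opts = False                      # any other key ends the list
    return findings
```

On the constructed sample only `web` is reported; the custom profile on `api` and the default profile on `worker` are not flagged.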