SYM_CONF_0308 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Privilege Management
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-269: Improper Privilege Management |
| OWASP | A04:2021 - Insecure Design |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The Dockerfile does not specify a non-root user before setting the ENTRYPOINT, causing the application to run as the root user inside the container. Running as root increases the risk of privilege escalation if the application is compromised.
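The following is an added example, not code from the Symbiotic database or any project it catalogues. It shows a constructed Dockerfile with the defect described above next to a corrected one that creates a system account and switches to it with `USER` before `ENTRYPOINT`, plus a small POSIX shell check that walks a Dockerfile and reports whether the `ENTRYPOINT`/`CMD` will start as root. The image name, the `appuser` account, the UID 10001 and the temporary paths are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example (not from the Symbiotic database): detect a Dockerfile whose
# ENTRYPOINT/CMD runs as root because no non-root USER instruction precedes it.

# check_dockerfile_user PATH
# Returns 0 when a non-root USER is in effect at every ENTRYPOINT/CMD,
# 1 when the process would start as root (or as UID 0).
check_dockerfile_user() {
  awk '
    BEGIN { user = "root"; ok = 1 }
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments and blank lines
    # Each FROM starts a new build stage; Docker resets the user to root there.
    # Caveat: a base image that itself sets USER is not visible to this check.
    toupper($1) == "FROM" { user = "root"; next }
    toupper($1) == "USER" { user = $2; next }
    toupper($1) == "ENTRYPOINT" || toupper($1) == "CMD" {
      split(user, parts, ":")                        # USER may be "name:group"
      if (parts[1] == "root" || parts[1] == "0") ok = 0
    }
    END { exit (ok ? 0 : 1) }
  ' "$1"
}

# write_samples DIR
# Writes two constructed Dockerfiles into DIR: the vulnerable form described
# on this page and the corrected form that adds a non-root USER.
write_samples() {
  cat > "$1/Dockerfile.vulnerable" <<'EOF'
FROM python:3.12-slim
WORKDIR /app
COPY . /app
RUN pip install --no-cache-dir -r requirements.txt
ENTRYPOINT ["python", "app.py"]
EOF

  cat > "$1/Dockerfile.fixed" <<'EOF'
FROM python:3.12-slim
WORKDIR /app
COPY . /app
RUN pip install --no-cache-dir -r requirements.txt \
 && useradd --system --uid 10001 --no-create-home appuser \
 && chown -R appuser:appuser /app
# Drop privileges before the entrypoint; the process now runs as UID 10001.
USER appuser
ENTRYPOINT ["python", "app.py"]
EOF
}

# Demonstration: write the samples to a temporary directory and check both.
dir=$(mktemp -d)
write_samples "$dir"
for f in "$dir/Dockerfile.vulnerable" "$dir/Dockerfile.fixed"; do
  if check_dockerfile_user "$f"; then
    echo "OK   $f: non-root USER set before ENTRYPOINT/CMD"
  else
    echo "FAIL $f: ENTRYPOINT/CMD will start as root"
  fi
done
rm -rf "$dir"
```

The check only reads the Dockerfile, so it is suitable as a pre-commit or CI gate; it deliberately treats both `root` and UID `0` as root, and it resets to root on every `FROM` because Docker does. What it cannot see is a `USER` baked into the base image, so a clean result means "this Dockerfile does not drop privileges itself", not "the container is guaranteed non-root"; for that, confirm at runtime with `docker inspect` or by reading `/proc/self/status` inside the container.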
Impact
If an attacker exploits a vulnerability in the application, they could gain root access within the container, allowing them to install malware, modify files, or attempt to break out of the container and impact the host system or other services. This significantly increases the potential damage from any security breach.