SYM_CONF_0309 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Privilege Management
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-269: Improper Privilege Management |
OWASP | A04:2021 - Insecure Design |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Low |
Description
If the Dockerfile does not set a non-root USER (and the base image does not set one either), every process in the container, including the application's entrypoint, runs as root (uid 0) by default. This gives the application administrative privileges inside the container that it does not need to do its job.
Impact
If an attacker exploits a vulnerability in the application, running as root lets them take full control of the container: read or modify any file in the image or on mounted volumes, install tooling, and, if a kernel, container-runtime, or configuration weakness is reachable (a privileged container or a host path mounted into it, for example), escape to the host and damage it or steal its data. Root inside the container is also uid 0 on the host unless user namespace remapping is configured, which makes such escapes more damaging. Running as a non-root user limits what an attacker can do after the container is compromised.
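The following is an added example, not code from the Symbiotic database: a weak Dockerfile with no USER instruction, a hardened one that creates an unprivileged user and switches to it as the last step before CMD, and a small shell check that reports which user a Dockerfile's final stage will run as. The base image python:3.12-slim, the user name app and the uid/gid 10001 are assumptions chosen for illustration. The check looks only at the last build stage, because a USER set in an earlier stage of a multi-stage build does not carry over to the final image; the third sample shows that case.

```shell
#!/bin/sh
# Added example (not from the Symbiotic database): detect Dockerfiles whose
# final stage runs as root. Image, user name and uid below are assumptions.

# Constructed sample: no USER instruction, so the entrypoint runs as root.
WEAK_DOCKERFILE='FROM python:3.12-slim
WORKDIR /app
COPY app.py .
CMD ["python", "app.py"]'

# Constructed sample: create an unprivileged user and switch to it last.
# A numeric uid:gid is used so runtimes (e.g. Kubernetes runAsNonRoot) can
# verify the user is non-root without resolving names inside the image.
HARDENED_DOCKERFILE='FROM python:3.12-slim
WORKDIR /app
COPY app.py .
RUN groupadd --gid 10001 app \
 && useradd --uid 10001 --gid app --no-create-home --shell /usr/sbin/nologin app
USER 10001:10001
CMD ["python", "app.py"]'

# Constructed sample: USER is set in the builder stage only. The final stage
# starts from a fresh FROM, so the image still runs as root.
MULTISTAGE_DOCKERFILE='FROM python:3.12-slim AS builder
RUN useradd --uid 10001 app
USER app
COPY app.py /app/

FROM python:3.12-slim
COPY --from=builder /app /app
CMD ["python", "/app/app.py"]'

# Print the user the final stage of the given Dockerfile text runs as.
# Every FROM starts a new stage as root; the last USER in the last stage wins.
# "root", uid 0 and "root:<group>" / "0:<group>" are all reported as "root".
effective_user_of() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "from" { user = "" }   # new stage: back to root
        tolower($1) == "user" { user = $2 }   # later USER overrides earlier
        END {
            if (user == "" || user ~ /^(root|0)(:|$)/) print "root"
            else print user
        }
    '
}

# Exit status 0 when the Dockerfile text runs as a non-root user, 1 otherwise.
runs_as_non_root() {
    [ "$(effective_user_of "$1")" != "root" ]
}

# Stand-alone demonstration; use effective_user_of "$(cat Dockerfile)" on real files.
printf 'weak:        %s\n' "$(effective_user_of "$WEAK_DOCKERFILE")"
printf 'hardened:    %s\n' "$(effective_user_of "$HARDENED_DOCKERFILE")"
printf 'multistage:  %s\n' "$(effective_user_of "$MULTISTAGE_DOCKERFILE")"
```

The check is a source-level lint and cannot see a USER inherited from the base image; to confirm the built image, `docker inspect --format '{{.Config.User}}' <image>` shows the configured user (empty means root), and `docker run --rm <image> id` shows what the process actually gets.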