SYM_CONF_0311 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Privilege Management
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-269: Improper Privilege Management |
OWASP | A04:2021 - Insecure Design |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Medium |
Description
The Dockerfile sets the final user to 'root', so the container runs with full administrative privileges. This increases the risk if an attacker gains access, because they would then control the whole system.
Impact
If exploited, an attacker could use root privileges to modify system files, install malware, or move laterally to other systems. This can lead to data breaches, service disruption, and compromise of the host environment.
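One way to check for the condition in the Description, as an added example (not the rule's own implementation in this database). The function names and both sample Dockerfiles are constructed for illustration, and the example goes slightly beyond the rule by also reporting when the final stage sets no `USER` at all or sets it from a variable.

```python
# Added example; function names are hypothetical, sample Dockerfiles are constructed.

def instructions(text):
    """Yield (KEYWORD, args) pairs, skipping comments and joining '\\' continuations."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        parts = (buf + line).split(None, 1)
        buf = ""
        yield parts[0].upper(), parts[1] if len(parts) > 1 else ""

def final_user(text):
    """Return 'root', 'non-root', 'unresolved' or 'inherited' for the last build stage."""
    user = None
    for keyword, args in instructions(text):
        if keyword == "FROM":
            user = None            # a new stage starts with its base image's user
        elif keyword == "USER" and args:
            user = args
    if user is None:
        return "inherited"         # no USER in the final stage: the base image decides
    if "$" in user:
        return "unresolved"        # set from an ARG/ENV value; needs a build-time check
    name = user.split(":", 1)[0]   # USER takes user[:group], by name or numeric ID
    return "root" if name in ("root", "0") else "non-root"

VULNERABLE = """\
FROM debian:bookworm-slim AS build
USER root
FROM debian:bookworm-slim
RUN useradd --system app
USER app
COPY --from=build /src/out /opt/app
# switched back for a package install and never dropped again
USER root
RUN apt-get update && \\
    apt-get install -y curl
CMD ["/opt/app/server"]
"""
# Hardened form: same build, but the last USER instruction is the unprivileged account.
HARDENED = VULNERABLE.replace('CMD ["/opt', 'USER app\nCMD ["/opt')
if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label, "->", final_user(text))
```

Only the last stage counts: `USER root` in the `build` stage does not affect the verdict for the hardened file, because that stage is discarded from the final image.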