SYM_PY_0245 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Execution with Unnecessary Privileges
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-250: Execution with Unnecessary Privileges |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The code runs or creates Docker containers using user-provided input without validating or restricting what images or commands can be executed. This allows untrusted data to control which containers are started.
Impact
An attacker could use this vulnerability to run arbitrary containers, potentially executing malicious code on the host, accessing sensitive data, or escalating privileges. This could compromise the entire system and affect other applications running on the same host.