Execution with Unnecessary Privileges
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-250: Execution with Unnecessary Privileges |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The container definition is missing a security context specifying that it must run as a non-root user. This means processes inside the container could run with root privileges, increasing the risk of security breaches.
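A sketch of the check this rule describes, added here as an example and not the scanner's own code. It assumes the container definition is a Kubernetes Pod spec already parsed into a dict; the function names, image name and sample manifests are constructed for illustration, and reporting a non-zero `runAsUser` without `runAsNonRoot: true` is a strictness choice made for this example.

```python
# Added example. Assumes Kubernetes Pod specs already parsed into dicts.
# All manifests below are constructed sample data.

def _effective(pod_sc, ctr_sc, key):
    # A container-level securityContext field overrides the pod-level one.
    return ctr_sc[key] if ctr_sc.get(key) is not None else pod_sc.get(key)

def find_root_capable_containers(pod_spec):
    """Return (container name, reason) for containers not forced to run as non-root."""
    findings = []
    pod_sc = pod_spec.get("securityContext") or {}
    # Init containers are checked too: they run with the same pod-level defaults.
    for kind in ("initContainers", "containers"):
        for ctr in pod_spec.get(kind) or []:
            ctr_sc = ctr.get("securityContext") or {}
            if _effective(pod_sc, ctr_sc, "runAsUser") == 0:
                findings.append((ctr["name"], "runAsUser is 0 (root)"))
            elif _effective(pod_sc, ctr_sc, "runAsNonRoot") is not True:
                findings.append((ctr["name"], "runAsNonRoot is not true"))
    return findings

IMG = "registry.example.invalid/web:1.0"  # placeholder image name

# No securityContext anywhere: the pattern this rule reports.
WEAK_POD = {"containers": [{"name": "web", "image": IMG}]}

# Pod-level setting inherited by every container: the corrected form.
HARDENED_POD = {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
    "containers": [{"name": "web", "image": IMG}],
}

# Pod-level setting is present, but two containers override it.
OVERRIDE_POD = {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
    "initContainers": [
        {"name": "init-perms", "image": IMG, "securityContext": {"runAsUser": 0}},
    ],
    "containers": [
        {"name": "web", "image": IMG},
        {"name": "sidecar", "image": IMG, "securityContext": {"runAsNonRoot": False}},
    ],
}

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD), ("override", OVERRIDE_POD)):
        print(label, find_root_capable_containers(pod))
```

With `runAsNonRoot: true` in effect, the kubelet refuses to start a container whose image would run as UID 0, so the setting is enforced at runtime rather than being advisory.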
Impact
If an attacker exploits a vulnerability in the application, they could gain root access within the container, allowing them to modify system files, escalate privileges, or attempt to break out of the container and compromise the host or other services.