Execution with Unnecessary Privileges
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-250: Execution with Unnecessary Privileges |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Low |
Description
Mounting the host’s Docker socket (/var/run/docker.sock) into a container gives that container full control over the Docker daemon. This effectively grants root-level access to your host system from within the container.
Impact
If exploited, an attacker with access to the container could execute commands as root on the host, deploy or remove containers, access sensitive host files, or take over the entire host machine. This exposes your infrastructure to severe compromise and data breaches.
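The following checker is an added example, not part of this rule page or of any tool it describes. It flags the mount pattern described above in two places where it usually appears: the `volumes` of a docker-compose service (short string form and long mapping form) and the `-v`/`--volume`/`--mount` arguments of a `docker run` command line. The sample compose document and command line are constructed for the demonstration, and the function names are this example's own. Mount options are deliberately ignored: a `:ro` bind of the socket still allows connecting to it, so it is not a mitigation.

```python
"""Flag container definitions that bind-mount the host Docker socket (CWE-250)."""
from typing import Any, Dict, Iterable, List

# Paths the Docker daemon listens on by default; /run/docker.sock is usually
# a symlink to /var/run/docker.sock, so both are treated as the same socket.
SOCKET_PATHS = {"/var/run/docker.sock", "/run/docker.sock"}


def _normalize(path: str) -> str:
    """Strip a trailing slash so '/var/run/docker.sock/' still matches."""
    return path.rstrip("/")


def compose_socket_mounts(compose: Dict[str, Any]) -> List[str]:
    """Return 'service: host-path' for every compose service that bind-mounts
    the Docker socket. Accepts the dict produced by yaml.safe_load() on a
    docker-compose file. Short syntax is 'host:container[:options]'; long
    syntax is a mapping with 'type', 'source' and 'target' keys."""
    findings: List[str] = []
    for name, service in (compose.get("services") or {}).items():
        for volume in service.get("volumes") or []:
            if isinstance(volume, str):
                host_path = volume.split(":")[0]
            elif isinstance(volume, dict):
                host_path = volume.get("source", "")
            else:
                continue
            # Options such as ':ro' are intentionally not consulted.
            if _normalize(host_path) in SOCKET_PATHS:
                findings.append(f"{name}: {_normalize(host_path)}")
    return findings


def run_args_socket_mounts(argv: Iterable[str]) -> List[str]:
    """Return the offending mount specifications in a `docker run` argument
    list. Recognises '-v SPEC', '--volume SPEC', '--volume=SPEC',
    '--mount SPEC' and '--mount=SPEC', where a --mount SPEC is a
    comma-separated key=value list with a 'source' (or 'src') key."""
    args = list(argv)
    hits: List[str] = []
    i = 0
    while i < len(args):
        arg = args[i]
        if arg in ("-v", "--volume", "--mount") and i + 1 < len(args):
            flag, value = arg, args[i + 1]
            i += 2
        elif arg.startswith(("--volume=", "--mount=")):
            flag, value = arg.split("=", 1)
            i += 1
        else:
            i += 1
            continue
        if flag == "--mount":
            kv = dict(part.split("=", 1) for part in value.split(",") if "=" in part)
            host_path = kv.get("source") or kv.get("src", "")
        else:
            host_path = value.split(":")[0]
        if _normalize(host_path) in SOCKET_PATHS:
            hits.append(value)
    return hits


# Constructed sample input: the shape yaml.safe_load() returns for a compose file.
SAMPLE_COMPOSE: Dict[str, Any] = {
    "services": {
        "web": {"image": "nginx", "volumes": ["./html:/usr/share/nginx/html:ro"]},
        "agent": {"image": "monitor", "volumes": ["/var/run/docker.sock:/var/run/docker.sock:ro"]},
        "ci": {"image": "runner", "volumes": [
            {"type": "bind", "source": "/run/docker.sock", "target": "/var/run/docker.sock"}]},
    }
}

# Constructed sample command line.
SAMPLE_RUN = [
    "docker", "run", "-d",
    "-v", "/var/run/docker.sock:/var/run/docker.sock",
    "--mount", "type=bind,source=/run/docker.sock,target=/sock",
    "example/image",
]

if __name__ == "__main__":
    for finding in compose_socket_mounts(SAMPLE_COMPOSE):
        print("compose service mounts Docker socket ->", finding)
    for spec in run_args_socket_mounts(SAMPLE_RUN):
        print("docker run mounts Docker socket ->", spec)
```

Run against the samples it reports the `agent` and `ci` services and both mount arguments of the command line, while the `web` service's ordinary volume is not flagged. The remediation a finding should drive is to remove the mount; where a workload genuinely needs to talk to the daemon, put an API-filtering proxy between it and the socket rather than exposing the socket directly.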