Incorrect Permission Assignment for Critical Resource
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-732: Incorrect Permission Assignment for Critical Resource |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The service is missing the `no-new-privileges:true` option in its `security_opt` settings, which means processes inside the container could gain extra privileges using setuid or setgid binaries. This makes it easier for attackers to escalate their access within the container.
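The check described above can be run over a parsed Compose model. The sketch below is an added example, not this rule's own implementation. The function names, the sample services, the accepted spellings (`:`, `=` or the bare key) and the last-entry-wins behaviour are assumptions.

```python
# Added example: flag Compose services that lack no-new-privileges.
# Input is the parsed Compose model (a dict loaded from YAML or JSON).

TRUE_VALUES = {"true", "1", "t"}  # assumption: spellings treated as enabled


def has_no_new_privileges(security_opt):
    """Return True if the security_opt list enables no-new-privileges."""
    enabled = False
    for entry in security_opt or []:
        text = str(entry).strip()
        # Accept "key=value", "key:value" and the bare key.
        for sep in ("=", ":"):
            if sep in text:
                key, value = text.split(sep, 1)
                break
        else:
            key, value = text, "true"
        if key.strip() == "no-new-privileges":
            # Assumption: a later entry overrides an earlier one.
            enabled = value.strip().lower() in TRUE_VALUES
    return enabled


def services_missing_flag(compose):
    """Return sorted names of services without no-new-privileges enabled."""
    services = compose.get("services") or {}
    return sorted(
        name for name, svc in services.items()
        if not has_no_new_privileges((svc or {}).get("security_opt"))
    )


# Constructed sample, equivalent to a docker-compose.yml after parsing.
SAMPLE = {"services": {
    "web": {"image": "example/web:1.0"},                    # no security_opt
    "worker": {"image": "example/worker:1.0",
               "security_opt": ["apparmor=docker-default"]},  # other option only
    "cache": {"image": "example/cache:1.0",
              "security_opt": ["no-new-privileges:false"]},   # explicitly off
    "api": {"image": "example/api:1.0",
            "security_opt": ["no-new-privileges:true"]},      # hardened
}}

if __name__ == "__main__":
    for name in services_missing_flag(SAMPLE):
        print(f"{name}: add 'no-new-privileges:true' under security_opt")
```

An explicit `no-new-privileges:false` is reported the same way as a missing entry, since neither leaves the option enabled.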
Impact
If exploited, an attacker could gain higher privileges inside the container, potentially allowing them to access sensitive data, alter system files, or compromise other services. This increases the risk of a full container breakout or lateral movement within your infrastructure.