Improper Access Control
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The service configuration explicitly disables SELinux separation by setting 'label:disable' in 'security_opt'. This causes the container to run without SELinux protections, leaving it unconfined.
Impact
Disabling SELinux separation removes important security boundaries, allowing a compromised container to potentially access or modify sensitive files or processes on the host system. This greatly increases the risk of privilege escalation and data breaches.
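One way to check a Compose file for the setting described above, as an added example that is not the rule's own implementation. The function and sample names are hypothetical, the sample services are constructed, and the check also matches the `label=disable` spelling that Docker accepts alongside `label:disable`.

```python
"""Flag Compose services that turn off SELinux label separation."""
import json
import sys

# Docker accepts both separators: "label:disable" and "label=disable".
DISABLE_FORMS = {"label:disable", "label=disable"}


def unconfined_services(compose):
    """Return sorted names of services whose security_opt disables SELinux labels."""
    findings = []
    services = compose.get("services") or {}
    for name, svc in services.items():
        opts = (svc or {}).get("security_opt") or []
        if isinstance(opts, str):  # tolerate a scalar written instead of a list
            opts = [opts]
        normalized = {str(o).strip().lower().replace(" ", "") for o in opts}
        if normalized & DISABLE_FORMS:
            findings.append(name)
    return sorted(findings)


# Constructed sample: the parsed form of a docker-compose.yml (not from a real project).
SAMPLE = {
    "services": {
        "web": {"image": "example/web:1.0", "security_opt": ["label:disable"]},
        "worker": {"image": "example/worker:1.0",
                   "security_opt": ["label=disable", "no-new-privileges:true"]},
        "db": {"image": "example/db:1.0", "security_opt": ["no-new-privileges:true"]},
        "cache": {"image": "example/cache:1.0"},
    }
}


def load(path):
    """Parse a compose file; uses PyYAML when installed, otherwise expects JSON."""
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    try:
        import yaml
        return yaml.safe_load(text) or {}
    except ImportError:
        return json.loads(text)


if __name__ == "__main__":
    doc = load(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    hits = unconfined_services(doc)
    for name in hits:
        print(f"{name}: security_opt disables SELinux label separation")
    sys.exit(1 if hits else 0)
```

When the option was added to work around SELinux denials on a bind mount, relabeling that mount with the `:z` or `:Z` volume suffix keeps label separation enabled for the container.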