Execution with Unnecessary Privileges
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-250: Execution with Unnecessary Privileges |
| OWASP | A06:2017 - Security Misconfiguration |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
Mounting the host’s Docker socket inside a container gives that container full control over the Docker daemon. This setup allows the container to manage, create, or delete other containers and access sensitive host resources.
Impact
If a container with access to the Docker socket is compromised, an attacker can gain root-level control over the host system. This could lead to unauthorized code execution, data theft, or complete takeover of the server running Docker.