Property
Language: dockerfile
Severity: medium
CWE: CWE-250: Execution with Unnecessary Privileges
OWASP: A05:2021 - Security Misconfiguration
Confidence Level: High
Impact Level: Low
Likelihood Level: Low

Description

Using ‘sudo’ in a Dockerfile grants unnecessary root privileges to processes, increasing the risk if the container is compromised. Best practice is to avoid ‘sudo’ and run processes as a non-root user inside containers.
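
The following added example (not part of the original rule page) contrasts a Dockerfile that uses ‘sudo’ with a version that does not need it. The base image, package names, user name, UID/GID and the run.sh path are constructed assumptions.

```dockerfile
# Constructed example. Image tag, packages, user "app", UID 10001 and
# /opt/app/run.sh are assumptions chosen for illustration.

# --- Flagged pattern (kept as comments so this file still builds) ---
# FROM debian:bookworm-slim
# RUN apt-get update && apt-get install -y sudo curl
# RUN useradd -m app && echo "app ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
# USER app
# RUN sudo apt-get install -y ca-certificates   # sudo inside RUN
# CMD ["sudo", "/opt/app/run.sh"]               # workload ends up running as root

# --- Corrected pattern ---
FROM debian:bookworm-slim

# Build steps already run as root in this base image until a USER
# instruction changes that, so package installation needs no sudo and
# the sudo package is never added to the image.
RUN apt-get update \
 && apt-get install -y --no-install-recommends ca-certificates curl \
 && rm -rf /var/lib/apt/lists/*

# Create a dedicated unprivileged account with a fixed numeric ID and no login shell.
RUN groupadd --system --gid 10001 app \
 && useradd --system --uid 10001 --gid app \
      --home-dir /opt/app --no-create-home --shell /usr/sbin/nologin app

# Hand ownership to the unprivileged account at copy time instead of
# running a privileged chown later.
COPY --chown=app:app run.sh /opt/app/run.sh

# Drop privileges last: every later instruction and the container's
# main process run as UID 10001, with no path back to root via sudo.
USER 10001:10001
WORKDIR /opt/app
CMD ["/opt/app/run.sh"]
```

All steps that need root are placed before the USER instruction, so nothing after it requires privilege escalation.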

Impact

If an attacker exploits a vulnerability in your container, having root privileges (granted by ‘sudo’) could let them modify system files, escalate attacks, or break out of the container, potentially affecting the host system or other containers.