WORKDIR should not be mounted on system dirs
| Property | Value |
|---|---|
| Language | |
| Severity | |
Description
The WORKDIR in the container is set to a critical system directory (e.g., /proc/, /boot/, /dev/), which exposes sensitive parts of the container filesystem, and potentially the host's, to application processes. Running the application from such a directory breaks isolation and increases the risk of container escape.
Impact
An attacker could manipulate or overwrite system files, potentially gaining elevated privileges, accessing sensitive data, or compromising the host system. This could lead to full container breakout, loss of data integrity, and severe security breaches affecting the entire infrastructure.
Resolution
Do not set WORKDIR to a system directory; point it at a directory dedicated to the application instead.
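The following is an added example, not part of this rule page or of any scanner's own implementation: a small Python check that walks a Dockerfile, resolves each WORKDIR the way Docker does (relative paths are joined onto the previous WORKDIR, and each FROM resets it to /), and reports any WORKDIR that lands in a system directory. The list of system directories is an assumption: the page names /proc/, /boot/ and /dev/, and the rest are added here as common choices. The two Dockerfiles are constructed sample input, one with the weak setting and one with a dedicated application directory.

```python
import posixpath
import re

# Assumed list of system directories. The rule page names /proc/, /boot/
# and /dev/; the remaining entries are an assumption added for this example.
SYSTEM_DIRS = ("/proc", "/boot", "/dev", "/sys", "/etc", "/bin", "/sbin",
               "/lib", "/lib64", "/usr", "/root")


def _is_under(path, base):
    """True if path equals base or lies inside it (both normalized, no trailing slash)."""
    return path == base or path.startswith(base + "/")


def _logical_lines(text):
    """Yield (first_line_number, joined_text), merging backslash continuations."""
    buf, start = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            start = n
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf, start = [], None


def find_bad_workdirs(dockerfile_text):
    """Return [(line_number, resolved_path)] for every WORKDIR inside a system dir.

    Tracks Docker's semantics: WORKDIR defaults to /, a relative WORKDIR is
    resolved against the previous one, and every FROM starts a new stage at /.
    ARG/ENV substitution in the WORKDIR value is not resolved here.
    """
    findings = []
    current = "/"
    for n, line in _logical_lines(dockerfile_text):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or comment
        m = re.match(r"(?i)^(FROM|WORKDIR)\s+(.*)$", stripped)
        if not m:
            continue
        instr, arg = m.group(1).upper(), m.group(2).strip().strip('"')
        if instr == "FROM":
            current = "/"  # a new build stage starts again at /
            continue
        # Docker joins relative WORKDIRs onto the previous one; normalize
        # so that "../../boot" and "/proc/" both compare cleanly.
        current = posixpath.normpath(posixpath.join(current, arg))
        if any(_is_under(current, d) for d in SYSTEM_DIRS):
            findings.append((n, current))
    return findings


# Constructed sample input: the weak configuration the rule describes.
BAD_DOCKERFILE = """\
FROM python:3.12-slim
WORKDIR /proc/
COPY . .
FROM python:3.12-slim AS runtime
WORKDIR /opt/app
WORKDIR ../../boot
# WORKDIR /dev   (a comment, must be ignored)
WORKDIR \\
    /dev
"""

# Constructed sample input: the corrected configuration.
GOOD_DOCKERFILE = """\
FROM python:3.12-slim
WORKDIR /opt/app
COPY . .
"""

if __name__ == "__main__":
    for name, text in (("bad", BAD_DOCKERFILE), ("good", GOOD_DOCKERFILE)):
        for line_no, path in find_bad_workdirs(text):
            print(f"{name}: line {line_no}: WORKDIR resolves to system dir {path}")
```

The relative-path handling matters in practice: a WORKDIR of `../../boot` after `WORKDIR /opt/app` looks harmless on its own line but resolves to /boot, so a check that only inspects the literal argument would miss it.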