
Privilege Escalation In Container

Even if a container runs as a non-root user, processes inside it can still gain higher privileges. For example, a binary with the `setuid` flag can gain root access inside a container that runs as non-root.

Remediation

Set `--security-opt=no-new-privileges:true` as part of `docker run`.
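To check which existing containers were started without this option, the following added example (not part of the original page) audits `docker inspect` JSON for the `no-new-privileges` entry in `HostConfig.SecurityOpt`. The container names and the sample JSON are constructed, and the script name in the usage note is hypothetical.

```python
import json
import sys

# Values Go's strconv.ParseBool accepts as true; Docker parses the option value with it.
_TRUE = {"1", "t", "T", "true", "TRUE", "True"}


def has_no_new_privileges(security_opt):
    """Return True if a HostConfig.SecurityOpt list enables no-new-privileges."""
    enabled = False
    for opt in security_opt or []:  # SecurityOpt is null when no option was passed
        # Docker accepts "key", "key:value" and "key=value" forms.
        key, sep, value = opt.replace("=", ":", 1).partition(":")
        if key == "no-new-privileges":
            enabled = (not sep) or value in _TRUE  # bare key means true
    return enabled


def audit(inspect_json):
    """Return [(name, user, protected)] for each container in `docker inspect` output."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "").lstrip("/")
        user = (c.get("Config") or {}).get("User") or "root (unset)"
        opts = (c.get("HostConfig") or {}).get("SecurityOpt")
        findings.append((name, user, has_no_new_privileges(opts)))
    return findings


# Constructed sample, trimmed to the fields the audit reads.
SAMPLE = """[
 {"Name": "/web", "Config": {"User": "1000"}, "HostConfig": {"SecurityOpt": null}},
 {"Name": "/api", "Config": {"User": "app"},
  "HostConfig": {"SecurityOpt": ["no-new-privileges:true"]}},
 {"Name": "/job", "Config": {"User": "1000"},
  "HostConfig": {"SecurityOpt": ["seccomp=unconfined", "no-new-privileges:false"]}}
]"""

if __name__ == "__main__":
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    for name, user, ok in audit(piped.strip() or SAMPLE):
        status = "ok" if ok else "MISSING no-new-privileges"
        print(f"{name:<10} user={user:<14} {status}")
```

Run it against live containers with `docker inspect $(docker ps -q) | python3 audit_nnp.py`. Containers `web` and `job` in the sample run as non-root but are still reported, because a non-root user alone does not stop `setuid` binaries from raising privileges.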

Metadata

  • Severity: high
  • Slug: privilege-esclation-in-container

CWEs

  • 250: Execution with Unnecessary Privileges

OWASP

  • A04:2021: Insecure Design
