Privilege Escalation In Container

Even if a container runs as non-root user, processes can gain high privileges. For example, a binary with setuid flag can gain root access inside a container that runs as non-root

Remediation

Set --security-opt=no-new-privileges:true as part of docker run

Metadata

Severity: high
Slug: privilege-esclation-in-container

CWEs

250: Execution with Unnecessary Privileges

OWASP

A04:2021: Insecure Design

Available Labs

Open Container labs in SecDim Play for this vulnerability.

medium

PrivilegeEscalation.df

Other Medium Container Signature

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.