Config files : Excessive Privileges

Classification

OWASP Top 10 2017

A5-Broken Access Control

OWASP Top 10 2021

A1-Broken Access Control

OWASP ASVS

Access Control Access Control Access Control Access Control

CWE

CWE-250 CWE-657

CWE/SANS Top 25 2011

CWE-250

Overview

When you grant users sudo access by using the sudo command or directly modifying the /etc/sudoers file, you potentially give the running process escalated privileges within the container. If an attacker gains control of the container and manages to execute commands with sudo, they could potentially exploit vulnerabilities to gain access to the host system or manipulate other containers.

References

CWE-250: Execution with Unnecessary Privileges
CWE-657: Violation of Secure Design Principles
OWASP Top 10 2017 A5:2017-Broken Access Control
OWASP Docker Security Cheat Sheet

MEDIUM

Config files : Excessive Privileges

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Config files : Excessive Privileges in your application?

See also

Config files : Text4Shell Vulnerability

Config files : Incorrect directory deletion

Config files : Code injection