DerScanner
Home / Vulnerability Database / Config files : Wrong access configuration
Config files

Config files : Wrong access configuration

Classification

OWASP Top 10 2017
A5-Broken Access Control
OWASP Top 10 2021
A1-Broken Access ControlA4-Insecure Design
CWE
CWE-250CWE-656CWE-657
CWE/SANS Top 25 2011
CWE-250

Overview

A microservice is run with root privileges in the container. While there’s still some default protection left (Linux capabilities, either AppArmor or SELinux profiles) it removes one layer of protection. This extra layer broadens the attack surface. It also violates the least privilege principle and from the OWASP perspective is an insecure default.

For privileged containers (with privileged flag), a microservice breakout into the container is almost comparable to running without any container. Privileged containers endanger your whole host and all other containers.

References

  1. OWASP Docker Security Cheat Sheet
  2. CWE-250: Execution with Unnecessary Privileges
  3. CWE-657: Violation of Secure Design Principles
  4. OWASP Top 10 2017 A5:2017-Broken Access Control
MEDIUM

DerScanner Severity Score

Do you want to fix Config files : Wrong access configuration in your application?

See also

Config files

Config files : Text4Shell Vulnerability

Config files

Config files : Incorrect directory deletion

Config files

Config files : Code injection