🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Privilege Escalation In Container

Even if a container runs as non-root user, processes can gain high privileges. For example, a binary with setuid flag can gain root access inside a container that runs as non-root

Remediation

Set --security-opt=no-new-privileges:true as part of docker run

Metadata

  • Severity: high
  • Slug: privilege-esclation-in-container

CWEs

  • 250: Execution with Unnecessary Privileges

OWASP

  • A04:2021: Insecure Design

Available Labs

Open Container labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.