- Context: Cloud
- Category: Vulnerability (Container Privilege Escalation)
- Severity: Medium
Evidence
# Dockerfile
FROM node:20-alpine
RUN corepack enable && ...
WORKDIR /app
COPY ...
RUN pnpm run build
EXPOSE 3000
CMD ["pnpm", "start"]
No USER directive is present. The Node.js process runs as root (UID 0) inside the container. If the application is compromised (e.g., via RCE through a dependency vulnerability), the attacker has full root access to the container filesystem, including all environment variables, mounted secrets (dot_env), and potentially the container runtime socket if it is mounted.
Affected files: Dockerfile