Nullify-Platform / cli

Nullify CLI Tool
https://github.com/Nullify-Platform
MIT License
2 stars, 2 forks

Vulnerabilities Dashboard - Code #37

Open nullify-latest[bot] opened 9 months ago

nullify-latest[bot] commented 9 months ago

Severity Threshold: 🔵 MEDIUM

1 Potential vulnerability sources found within this repo

| 🔴 CRITICAL | 🟡 HIGH | 🔵 MEDIUM | ⚪ LOW |
|-|-|-|-|
| 0 | 1 | 0 | 0 |

ID: 01J9HD5ESXCWR9YC73AA2H0T97 · Language: Containerfile · Severity: 🟡 HIGH · AVD-DS-0002

Image user should not be 'root'

The vulnerability in the Dockerfile of the Nullify Platform CLI tool represents a moderate security risk. Running containers as root can potentially lead to container escape situations, which could compromise the security of the host system and the data processed by the CLI tool.

Key findings:

  1. Platform Impact: Affects the Infrastructure, with potential impacts on confidentiality and integrity through software configuration access.
  2. Tenant Impact: Potentially affects many tenants using the CLI tool, but impact is limited to individual instances.
  3. Data Impact: Mainly affects confidential data, including internal data and potentially customer scan results.
  4. No compensating controls are identified.

The vulnerability's impact is mitigated by the nature of the CLI tool, which is not a continuously running service, limiting the window of opportunity for exploitation. Read more: https://avd.aquasec.com/misconfig/ds002 https://github.com/Nullify-Platform/cli/blob/f53da7943fa8924a1ce378f9648155eb6d98cd1b/Dockerfile#L1

Reply with /nullify to interact with me like another developer
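A Dockerfile that clears this finding, added here as an illustration and not the Nullify CLI's own Dockerfile (the project's real file is linked above). The base images, Go module layout and binary name are assumptions; the point is the `USER` instruction in the final stage, which is what AVD-DS-0002 checks for.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not the Nullify CLI's Dockerfile. Base images, module layout
# and the binary name are assumptions for illustration.

# Build stage: running as root here is acceptable, the stage is discarded
# and nothing from it runs in the shipped image.
FROM golang:1.22-alpine AS build
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 go build -o /out/nullify .

# Runtime stage.
FROM alpine:3.20
# Weak form (what AVD-DS-0002 flags): no USER instruction at all, so the
# container inherits the base image's default user, which is root.
# Fix: create an unprivileged system user and group, then switch to it
# before the entrypoint. -S makes a system account, -H skips the home dir.
RUN addgroup -S nullify && adduser -S -G nullify -H nullify
COPY --from=build /out/nullify /usr/local/bin/nullify
# Give the process a writable working directory it owns, so scan output
# does not need root-owned paths.
WORKDIR /work
RUN chown nullify:nullify /work
USER nullify
ENTRYPOINT ["nullify"]
```

Check the result with `docker run --rm --entrypoint id <image>`: the uid must be non-zero, and a Dockerfile scanner such as Trivy (`trivy config .`) should no longer report DS002. Two caveats: the scanner looks at the last `USER` in the final stage, so a later `USER root` (for example to install packages after the switch) reintroduces the finding; and if the image is deployed under Kubernetes with `runAsNonRoot`, a numeric form such as `USER 10001:10001` is safer than a name, since the kubelet cannot resolve names in the image's `/etc/passwd`.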

nullify-latest[bot] commented 7 months ago

New code security updates for commit 915211e3c532d0c9adde7af0f3d673b3e0d1841b

| New | Fixed | Allowlisted | Unallowlisted |
|-|-|-|-|
| 0 | 1 | 0 | 0 |

### New Fixed Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01HV0RQ51HA1KM1K90ZSH0F7C0 | Potential file inclusion via variable | internal/lib/openapi.go | 16 | 22 |