[medium] semgrep: Service 'mailserver' allows for privilege escalation via setuid or setgid binaries. Add 'no-new-privileges:true' in 'security_opt' to prevent this. #28

Open
opened 2026-03-18 16:01:24 +00:00 by sharang · 0 comments
Owner

medium Finding

Scanner: semgrep
Severity: medium
Rule: yaml.docker-compose.security.no-new-privileges.no-new-privileges

Description

Service 'mailserver' allows for privilege escalation via setuid or setgid binaries. Add 'no-new-privileges:true' in 'security_opt' to prevent this.

Location

File: /tmp/compliance-scanner/repos/Compliance Scanner/deploy/docker-compose.mailserver.yml (line 4)

Code

requires login

Fingerprint: e67b8b8b43d137f064fe7a474eacd1f6930535ec07565e5279870d1d2658c58d
Generated by compliance-scanner

Labels: severity:medium, scanner:semgrep, compliance-scanner


Reference: sharang/compliance-scanner-agent#28