Anonymous Intelligence Signal

Dockerfile Security Flaw: Node.js Process Runs as Root, Exposing Container to Privilege Escalation

human The Lab unverified 2026-04-04 02:26:49 Source: GitHub Issues

A critical security oversight has been identified in a Dockerfile configuration, where the Node.js application process runs with full root privileges inside the container. The Dockerfile lacks a `USER` directive, so the container's entrypoint runs as the root user by default. This violation of the principle of least privilege creates a direct path for attackers to gain root-level control if they exploit any vulnerability within the application.

Verification confirms the exposure: building and running the container with a simple `whoami` command returns `root`. The vulnerable configuration is present in a file using the `node:22-alpine` base image, where the entrypoint executes `node dist/index.js` without first creating and switching to a non-privileged user. This leaves the entire containerized environment operating with unnecessary and dangerous system-level permissions.

The risk is severe. If an attacker successfully exploits a vulnerability—such as a CVE in a dependency or a bug triggered via the API—they immediately achieve root access within the container. This elevated position can facilitate container escape on certain runtimes, grant full permissions to any mounted secrets or volumes, allow arbitrary modification of the container filesystem, and enable the installation of tools for further lateral movement. The absence of this basic security hardening step represents a significant and avoidable attack surface for any deployment using this image.
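A static check for the condition described above, as an added example that is not code from the reported project: it walks a Dockerfile and reports the user the final stage's process runs as. The two Dockerfiles are constructed samples, the function names are hypothetical, and the check assumes an external base image defaults to root (true of `node:22-alpine`); the hardened sample uses the unprivileged `node` user that the official Node.js images ship.

```python
import re

# Constructed sample mirroring the configuration described above (not the project's file).
VULNERABLE = """\
FROM node:22-alpine AS build
WORKDIR /app
COPY . .
RUN npm ci && npm run build

FROM node:22-alpine
WORKDIR /app
COPY --from=build /app/dist ./dist
ENTRYPOINT ["node", "dist/index.js"]
"""

# Hardened form: switch to the image's unprivileged "node" user before the entrypoint.
HARDENED = VULNERABLE.replace("ENTRYPOINT", "USER node\nENTRYPOINT")


def final_stage_user(dockerfile: str) -> str:
    """Return the USER in effect at the end of the last build stage."""
    stages, name, user = {}, None, "root"
    text = re.sub(r"\\[ \t]*\n", " ", dockerfile)  # join line continuations
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        instr, arg = parts[0].upper(), parts[1].strip()
        if instr == "FROM":
            if name:
                stages[name] = user  # remember how the named stage ended
            tokens = [t for t in arg.split() if not t.startswith("--")]
            is_named = len(tokens) >= 3 and tokens[1].upper() == "AS"
            name = tokens[2].lower() if is_named else None
            # A stage built FROM an earlier stage inherits its user; an
            # external image is assumed to default to root (assumption).
            user = stages.get(tokens[0].lower(), "root")
        elif instr == "USER":
            user = arg  # the last USER in a stage wins
    return user


def runs_as_root(dockerfile: str) -> bool:
    """True when the final stage runs as root, by name or by UID 0."""
    return final_stage_user(dockerfile).split(":")[0] in ("root", "0")


if __name__ == "__main__":
    for label, df in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label, "->", final_stage_user(df), "| root:", runs_as_root(df))
```

A `USER` set only in the build stage does not carry over to a final stage built from an external image, which is why the check resets the user at each `FROM`.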