5.23 Do not docker exec commands with user option

Information

Do not docker exec with --user option.Using --user option in docker exec executes the command within the container as that
user. This could potentially be insecure and unsafe to do especially when you are running
containers with dropped capabilities or with enhanced restrictions.For example, suppose your container is running as tomcat user (or any other non-root
user), it would be possible to run a command through docker exec as root with --
user=root option. This could potentially be dangerous.

Solution

Do not use --user option in docker exec command.Impact-None.Default Value-By default, docker exec command runs without --user option.

See Also

https://workbench.cisecurity.org/files/517