Description
ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 to 0.8.1, the published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. This vulnerability is fixed in 0.8.2.
Published: 2026-05-12
Score: 3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

ciguard is a static security auditor used in CI/CD pipelines. The published container image from version 0.1.0 to 0.8.1 lacks a USER directive in its Dockerfile, so it inherits the default root user. This means any process running inside the container during a pipeline execution runs with root privileges, introducing improper privilege management and the potential for privilege escalation within the CI environment. The CVSS score of 3 reflects a low severity impact under normal conditions, but the presence of root access in the container could be leveraged by an attacker who gains influence over the CI process.

Affected Systems

Jo‑Jo98 provides ciguard, a static security auditor container image. Versions from 0.1.0 to 0.8.1 are affected because the image runs as root. The issue was resolved in version 0.8.2.

Risk and Exploitability

The CVSS score of 3 indicates low severity, and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves using the vulnerable container image within a CI/CD pipeline. An attacker who can influence the pipeline could execute privileged commands inside the container because it runs as root. Since the container runs as root, privilege could be used to compromise downstream services if host isolation or capabilities are not properly restricted. The impact remains confined to the CI environment unless additional escape mechanisms exist, and the lack of KEV listing suggests widespread exploitation has not been observed.

Generated by OpenCVE AI on May 12, 2026 at 21:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to ciguard image version 0.8.2 or later where a non‑root USER is enforced.
  • Ensure all CI/CD pipeline Dockerfiles explicitly set a non‑root USER to prevent inadvertent root privileges.
  • Apply least privilege to CI runners, disabling privileged mode and unnecessary capabilities to limit potential impact.

Generated by OpenCVE AI on May 12, 2026 at 21:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-jrm4-4pcf-4763 ciguard: Container image runs as root (no USER directive)
History

Thu, 14 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Jo-jo98
Jo-jo98 ciguard
Vendors & Products Jo-jo98
Jo-jo98 ciguard

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 to 0.8.1, the published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. This vulnerability is fixed in 0.8.2.
Title ciguard: Container image runs as root (no USER directive)
Weaknesses CWE-269
References
Metrics cvssV3_1

{'score': 3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N'}

Subscriptions

Jo-jo98 Ciguard
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-14T12:30:51.422Z

Reserved: 2026-05-05T15:42:40.517Z

Link: CVE-2026-44218

cve-icon Vulnrichment

Updated: 2026-05-14T12:30:48.310Z

cve-icon NVD

Status : Deferred

Published: 2026-05-12T20:16:42.637

Modified: 2026-05-13T17:02:28.447

Link: CVE-2026-44218

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T10:36:17Z

Weaknesses