Horizon Alert
Summary of the vulnerability and why it matters
This vulnerability impacts Coolify, a platform for managing application deployments, specifically affecting versions prior to v4.0.0-beta.420.6. It allows authenticated users with low-level privileges to gain full administrative control of the underlying server by injecting malicious code into the deployment process. The main concern is confirming relevance and exposure.
- Unauthorized users can seize full server control.
- It affects deployment tools, a critical infrastructure component.
- Assess exposure and confirm relevance to your environment.
Attack Path
How an attacker could exploit the issue
An attacker with low-level member privileges can exploit this vulnerability by creating a project and injecting malicious Docker Compose directives. This allows them to mount the host's root filesystem, ultimately leading to full root access on the underlying server.
- Authenticated access required.
- Malicious Docker Compose injection.
- Full root server compromise.
Live Threat
Current exploitation, exposure, and threat context
An authenticated user with member privileges could leverage this vulnerability to inject malicious Docker Compose directives. This could lead to the mounting of the host's root filesystem, effectively granting root access to the underlying server.
- Server root filesystem access.
- Malicious directives injected during project creation.
- Full root control of the server.
Operational Fix
Recommended remediation, mitigation, and detection steps
The Coolify platform, specifically versions prior to v4.0.0-beta.420.6, presents a critical remote code execution risk. This vulnerability allows authenticated users with low-level privileges to inject malicious Docker Compose directives, potentially granting attackers root access to the underlying server by mounting the host's filesystem. The first practical move involves identifying all instances of Coolify, confirming their reachability and business criticality, and then locating the accountable owner for remediation planning.
- Application owners should manage this issue.
- Verify affected Coolify instances and their exposure.
- Plan remediation during scheduled maintenance windows.