Horizon Alert
Summary of the vulnerability and why it matters
Coolify is affected by a critical vulnerability that allows authenticated users with basic privileges to execute arbitrary commands on the server. This could lead to a full system compromise. The primary concern is to confirm if your Coolify instances are affected and determine the potential exposure.
- Allows basic users to run commands on the server.
- Critical vulnerability could lead to full server compromise.
- Confirm exposure and relevance to your environment.
Attack Path
How an attacker could exploit the issue
An attacker with low-level member privileges can inject arbitrary shell commands by manipulating the Git Repository field during project creation. This vulnerability, present in Coolify versions prior to v4.0.0-beta.420.7, allows for the execution of commands on the host system, potentially leading to a full server compromise.
- Authenticated, low-privilege access required.
- Inject commands via Git Repository field.
- Full server compromise possible.
Live Threat
Current exploitation, exposure, and threat context
This vulnerability could allow an authenticated user with member privileges to execute arbitrary commands on the server where Coolify is installed, potentially leading to a full system compromise. This occurs when a specially crafted repository string, containing shell command syntax, is provided during project creation.
- Server host system commands.
- Injecting commands into Git repository field.
- Full server compromise.
Operational Fix
Recommended remediation, mitigation, and detection steps
In a real-world scenario, the platform or application owners are likely responsible for Coolify, as it manages project deployments. Infrastructure or platform teams would also be involved in ensuring the underlying host system's security. The first practical step is to identify all instances of Coolify, determine their reachability and criticality, and locate the accountable owner for remediation planning.
- Platform owners should manage this issue.
- Verify Coolify's reachability and criticality.
- Plan remediation based on exposure.