Horizon Alert
Summary of the vulnerability and why it matters
This advisory concerns a critical vulnerability in Coolify, a tool used for managing servers, applications, and databases. The issue allows authenticated users to potentially access resources belonging to other teams, which could lead to unauthorized data exposure and modification. The main concern is confirming relevance and exposure within our environment.
- Unauthorized access to other teams' resources.
- Could expose sensitive cross-tenant data.
- Confirm if Coolify is in use.
Attack Path
How an attacker could exploit the issue
An authenticated user could exploit this vulnerability by cloning resources to unintended destinations. This occurs because the system improperly checks where resources can be cloned, allowing an attacker to bypass tenant restrictions and access or modify data belonging to other users or teams, potentially leading to significant data breaches or disruptions.
- Requires authenticated user access.
- Clone action improperly resolves destination resources.
- Cross-tenant resource access and modification.
Live Threat
Current exploitation, exposure, and threat context
An authenticated user could clone resources into destinations owned by other teams, potentially granting unauthorized access to cross-tenant data. This could occur when the `cloneTo()` action in ResourceOperations.php resolves destination resources using unscoped Eloquent lookups, bypassing intended access controls.
- Cross-tenant resource data.
- Unscoped lookups when cloning resources.
- Unauthorized access to other teams' data.
Operational Fix
Recommended remediation, mitigation, and detection steps
The Coolify platform's administration and application owners are likely responsible for addressing this vulnerability. The first critical step is to identify all instances of Coolify within the environment, determine their exposure and business criticality, and then confirm the accountable owner for each instance to plan remediation.
- Identify Coolify instances and owners.
- Verify resource access and scope.
- Plan and coordinate updates.