Horizon Alert
Summary of the vulnerability and why it matters
A vulnerability has been identified in Coolify, an open-source server management tool, where certain terminal functions did not properly restrict access. This could allow a user with limited privileges to execute commands on team servers, potentially impacting system integrity and data confidentiality. The main concern is confirming relevance and exposure within our environment.
- Unauthorized command execution on managed servers.
- Confirms need for access control review.
- Verify if our Coolify instances are affected.
Attack Path
How an attacker could exploit the issue
An attacker with low-level access to the Coolify platform could potentially gain control over a team's servers. This is possible because the terminal websocket routes do not adequately check if a user is authorized to execute commands, even if they are already logged in. Successful exploitation could lead to attackers executing arbitrary commands on servers managed by Coolify.
- Low-privileged user can access terminal.
- Unauthorized commands are executed on servers.
- Complete server control is a potential risk.
Live Threat
Current exploitation, exposure, and threat context
When supported by the advisory, a low-privileged team member could connect to terminal routes and execute commands on team servers. This could affect system data and service behavior when this vulnerability is present.
- System commands and data at risk.
- Unauthorized terminal access executes commands.
- Full system compromise of the server.
Operational Fix
Recommended remediation, mitigation, and detection steps
As Coolify is a self-hosted management tool for servers, applications, and databases, the platform or infrastructure teams responsible for its deployment and maintenance are likely the first point of contact. The initial action should be to locate all instances of Coolify, determine their exposure (internal vs. external), assess business criticality, and identify the specific application or system owners. This will enable a risk-based approach to planning remediation, potentially involving vendor coordination for updates.
- Platform or infrastructure team ownership.
- Verify Coolify instance exposure and criticality.
- Plan remediation based on identified risk.