Horizon Alert
Summary of the vulnerability and why it matters
A critical vulnerability exists in the Aperi'Solve steganalysis web platform, affecting versions 3.1.3 through 3.2.0. This issue allows an unauthenticated attacker to execute commands with root-level privileges within the worker container via a single HTTP request. Such an attack could lead to unauthorized access and modification of sensitive user data, including images, analysis results, and steganography passwords, with potential for further system compromise.
- Unauthenticated attackers gain root control of containers.
- Critical flaw impacts data, passwords, and system integrity.
- Confirm relevance and assess exposure to sensitive data.
Attack Path
How an attacker could exploit the issue
An attacker can exploit this vulnerability by sending a single HTTP request to the Aperi'Solve web platform, leveraging its JPEG upload functionality. By providing a specially crafted password, the attacker can trick the system into executing arbitrary commands within its worker container. This allows them to gain root-level access, read and write all user data, and potentially compromise connected databases and other network services, with the possibility of escalating to full host compromise.
- Requires network access, no authentication needed.
- Uploading a JPEG with a malicious password.
- Root container RCE, data theft, and host compromise.
Live Threat
Current exploitation, exposure, and threat context
When supported by the advisory, an unauthenticated attacker could achieve root-level command execution within the worker container. This could lead to the compromise of all user-uploaded images, analysis results, and stored plaintext steganography passwords. Pivoting to the shared Docker network could also expose PostgreSQL and Redis databases, potentially allowing for full database dumping or manipulation of job queues.
- User-uploaded images and passwords at risk.
- Attacker achieves RCE via HTTP request.
- Full host compromise or data exfiltration.
Operational Fix
Recommended remediation, mitigation, and detection steps
The Aperi'Solve web platform, used for steganalysis, is likely managed by application or platform teams responsible for its deployment and operational integrity. Given the criticality of this vulnerability, the first practical step is to locate all instances of Aperi'Solve, determine their reachability and business criticality, and then identify the accountable owner for remediation planning.
- Application owners should lead the response.
- Verify all Aperi'Solve deployments and reachability.
- Plan and coordinate host or container updates.