Horizon Alert
Summary of the vulnerability and why it matters
This advisory concerns a vulnerability in the Dokku platform-as-a-service tool that could allow an attacker with limited access to gain unrestricted shell access by overwriting critical user files. The issue stems from how certain archive commands handle user-supplied files, enabling the attacker to write arbitrary files to the system.
- Archive commands permit arbitrary file writes.
- Allows unauthorized shell access to the system.
- Confirm if this platform is in use.
Attack Path
How an attacker could exploit the issue
An attacker with limited privileges could exploit this vulnerability by tricking an administrator into running specific commands. These commands allow the extraction of archive files. If these archives contain malicious entries, like symbolic links, an attacker could manipulate the extraction process to write files to arbitrary locations on the server. This could lead to gaining unrestricted shell access to the server.
- Requires authenticated user access.
- Triggered by archive extraction commands.
- Risk of arbitrary file write, leading to RCE.
Live Threat
Current exploitation, exposure, and threat context
When supported by the advisory, the `git:from-archive` and `certs:add` commands could allow an attacker to write arbitrary files to locations writable by the `dokku` user by exploiting archive extraction vulnerabilities. This could lead to unrestricted shell access on the server.
- Server files and `dokku` user data.
- Malicious archives uploaded to commands.
- Unrestricted server shell access.
Operational Fix
Recommended remediation, mitigation, and detection steps
This vulnerability in Dokku impacts PaaS environments and is likely a shared responsibility between platform or infrastructure teams managing Dokku deployments and potentially application owners who utilize the `git:from-archive` or `certs:add` commands. The initial step involves identifying all Dokku instances, determining their reachability and business criticality, and then locating the accountable owners to plan remediation, prioritizing actions based on observed risk.
- Platform/application owners should investigate.
- Verify Dokku instance reachability and criticality.
- Plan targeted remediation or vendor engagement.