Horizon Alert
Summary of the vulnerability and why it matters
A vulnerability has been identified in Kopia, a cross-platform backup tool, affecting its HTTP server component when it is not password-protected. This flaw could allow unauthenticated requests to execute arbitrary commands on affected systems. The main concern at this time is confirming if this specific Kopia configuration is in use within our environment.
- Unauthenticated Kopia server can run commands.
- Important if using unauthenticated Kopia server.
- Confirm if unauthenticated Kopia server is used.
Attack Path
How an attacker could exploit the issue
An attacker could exploit Kopia's HTTP server, when run without a password, by sending unauthenticated requests to a specific API endpoint. This allows them to supply a malicious SFTP storage configuration. When Kopia processes this configuration, it can be tricked into executing arbitrary commands on the server due to how it handles SSH arguments, potentially leading to full system compromise.
- Unauthenticated network access required.
- Attacker controls SSH arguments in configuration.
- Leads to arbitrary command execution.
Live Threat
Current exploitation, exposure, and threat context
When Kopia's HTTP server is started without a password, unauthenticated requests can be forwarded to the SFTP storage configuration. This could allow an attacker to execute arbitrary commands on the system running Kopia by leveraging specially crafted SSH arguments.
- Backup configurations and system access.
- Unauthenticated HTTP requests to the server.
- Arbitrary command execution on the host.
Operational Fix
Recommended remediation, mitigation, and detection steps
The Kopia HTTP server, particularly when configured without a password, is susceptible to unauthenticated requests that could lead to command execution. System owners and platform teams responsible for Kopia deployments should prioritize identifying instances of this HTTP server, assessing their exposure, and determining the accountable application or service owner. The immediate first step involves confirming the presence and reachability of the Kopia HTTP server, followed by a risk-based remediation plan.
- Application owners should verify Kopia HTTP server instances.
- Confirm reachability and business criticality first.
- Plan remediation based on identified risks.