Horizon Alert
Summary of the vulnerability and why it matters
This advisory concerns a vulnerability in FastGPT, a knowledge-based AI application platform, that could allow for the injection of malicious code during the build process. Specifically, improperly secured workflow jobs could be tricked into downloading artifacts from untrusted sources, potentially leading to the deployment of attacker-controlled images.
- Unsafe build processes can introduce malicious code.
- Threat to supply chain integrity and code deployment.
- Verify relevance and exposure within development pipelines.
Attack Path
How an attacker could exploit the issue
An attacker could compromise the FastGPT platform by injecting malicious code into the project's build process. Specifically, by submitting a pull request with a compromised Docker image, an attacker could trick privileged workflow jobs into downloading and pushing these attacker-controlled images to GitHub Container Registry (GHCR). For documentation previews, these compromised images could then be deployed with sensitive secrets, potentially allowing further compromise.
- Entry condition: Submit a pull request with malicious code.
- Trigger point: Artifacts from untrusted pull requests are used.
- Resulting risk: Secrets deployed with documentation previews.
Live Threat
Current exploitation, exposure, and threat context
FastGPT's build process could allow an attacker to push malicious Docker images to GitHub Container Registry (GHCR). When supported by the advisory, these images could be used for documentation previews, potentially deploying with sensitive secrets.
- Attacker-controlled Docker images.
- Untrusted code in workflow files.
- Compromised secrets during previews.
Operational Fix
Recommended remediation, mitigation, and detection steps
The FastGPT platform's build process is susceptible to attack if untrusted code is introduced into specific workflow files. This could allow an attacker to push malicious Docker images to GHCR and potentially deploy them with secrets, impacting documentation preview functionality. Teams responsible for CI/CD pipelines and FastGPT platform administration should prioritize identifying affected systems and owners to plan remediation.
- Platform and security teams own this issue.
- Verify workflow configurations and artifact sources.
- Plan remediation during the next maintenance window.