Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Coolify vulnerable to Privilege Escalation resulting in Remote Command Execution (RCE)
Vulnerability Description
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team members privileges to any role, including the owner role. He's also able to kick every other member out of the team, including admins and owners. This allows the attacker to access the `Terminal` feature and execute remote commands. Version 4.0.0-beta.361 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
授权机制缺失
Vulnerability Title
Coolify 安全漏洞
Vulnerability Description
Coolify是coolLabs开源的一个开源和自托管的 Heroku/Netlify/Vercel 替代品。 Coolify 4.0.0-beta.361版本之前存在安全漏洞,该漏洞源于缺少授权,允许任何经过身份验证的用户将其或任何其他团队成员的权限提升到任何角色,包括所有者角色。
CVSS Information
N/A
Vulnerability Type
N/A