Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component (internal/troubleshooting/actioner/actioner.go) processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting array without adequate input validation. While the code validates that artifacts exist in the validInvestigationArtifacts map, it fails to sanitize the actual command content after the "command:" prefix. This allows an attacker who can control metadata responses to inject and execute arbitrary OS commands with root privileges. The attack is triggered by sending a TCP packet with specific sequence numbers to the SSH port, which causes the agent to fetch metadata from http://169.254.169.254/metadata/v1.json. The vulnerability affects the command execution flow in internal/troubleshooting/actioner/actioner.go (insufficient validation), internal/troubleshooting/command/exec.go (direct exec.CommandContext call), and internal/troubleshooting/command/command.go (command parsing without sanitization). This can lead to complete system compromise, data exfiltration, privilege escalation, and potential lateral movement across cloud infrastructure.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Droplet Agent 安全漏洞
Vulnerability Description
Droplet Agent是美国DigitalOcean开源的一个用于管理和监控DigitalOcean Droplets的工具。 Droplet Agent 1.3.2及之前版本存在安全漏洞,该漏洞源于故障排除执行器组件处理元数据时未充分验证输入,可能导致能够控制元数据响应的攻击者注入并执行具有root权限的任意操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A