This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: OS command injection in Coolify's Database Backup feature. **Consequences**: Attackers can execute arbitrary system commands via unsanitized database names.…
**Root Cause**: CWE-78 (OS Command Injection). **Flaw**: The application fails to sanitize user-supplied database names before passing them to system shell commands.…
**Auth Required**: Yes. The CVSS vector indicates PR:L (Privileges Required: Low). **External Access**: Not directly exploitable from the internet without valid credentials.…
**Public Exploit**: Yes. A public security advisory and PoC are available on GitHub (0xrakan). **Status**: Active disclosure. **Risk**: Low-hanging fruit for attackers who have already gained initial access.
Q7. How to self-check? (Features/Scanning)
**Check**: Look for Coolify instances running a version below 4.0.0-beta.451. **Feature**: Check whether the 'Database Backup' function is enabled and accessible.…
**Fixed**: Yes. An official patch was released in **v4.0.0-beta.451**. **Action**: Upgrade Coolify immediately. **Ref**: See GitHub Security Advisory GHSA-vm5p-43qh-7pmq for details.
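As an added example (not from this page or the Coolify project), a small Python helper that applies the version check above across an inventory of reported Coolify version strings. The hostnames and versions in the sample inventory are constructed; the optional "v" prefix and the rule that a stable release sorts after every beta of the same base version are assumptions.

```python
import re

# Fixed release named on this page; anything that sorts below it is affected.
FIXED_VERSION = "4.0.0-beta.451"

# Accepts "4.0.0-beta.450", "v4.0.0-beta.450" and a plain "4.0.0" (assumed formats).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-beta\.(\d+))?$")


def parse_coolify_version(version: str) -> tuple:
    """Turn a Coolify version string into a tuple that compares correctly.

    Layout: (major, minor, patch, is_stable, beta_number). A stable release
    carries (1, 0) so it sorts after every beta of the same base version,
    matching semver pre-release ordering (assumption).
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Coolify version string: {version!r}")
    major, minor, patch, beta = m.groups()
    prerelease = (1, 0) if beta is None else (0, int(beta))
    return (int(major), int(minor), int(patch)) + prerelease


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the reported version predates the fixed release."""
    return parse_coolify_version(version) < parse_coolify_version(fixed)


def triage(inventory: dict) -> dict:
    """Map each host to True (affected) or False (fixed) for a version inventory."""
    return {host: is_affected(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hostname -> reported version); not real hosts.
    sample = {
        "coolify-a.internal": "v4.0.0-beta.450",
        "coolify-b.internal": "4.0.0-beta.451",
        "coolify-c.internal": "v4.0.0-beta.399",
        "coolify-d.internal": "4.0.0",
    }
    for host, affected in triage(sample).items():
        print(f"{host}: {sample[host]} -> {'AFFECTED' if affected else 'fixed'}")
```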
Q9. What if no patch? (Workaround)
**Workaround**: If upgrading is impossible, restrict access to the Database Backup feature. **Access Control**: Ensure only trusted, authenticated users can trigger backups.…
**Priority**: HIGH. **CVSS**: 9.8 (Critical). **Urgency**: Patch immediately. Even though authentication is required, the impact is severe (S:C, C:H, I:H, A:H). Don't wait!