Polyaxon Unauthorized File Deletion Vulnerability Leading to Denial-of-Service

Vulnerability

A vulnerability allowing unauthorized file deletion has been identified in the latest version of the Polyaxon platform. This issue can cause a denial-of-service by terminating essential containers. Exploitation of this vulnerability allows an attacker to delete critical files within the containers, such as 'polyaxon.sock', the Unix domain socket on which the API container depends. Removing this file causes the container to exit unexpectedly, disrupting related services and causing the system to malfunction. Notably, exploitation requires neither authentication nor knowledge of any UUID parameters.

Impact

Exploitation of this vulnerability causes the 'polyaxon-polyaxon-api' container to crash, disrupting the Polyaxon agent as well. While Kubernetes automatically restarts the API container, this process takes time, leading to significant service downtime. The agent container's failure to connect to the restarted API further exacerbates the service disruption, causing a widespread denial-of-service across the platform.

Reproduction

To reproduce this vulnerability, first identify the target container by listing all containers in the 'polyaxon' namespace. Once the target API container is identified, access it and navigate to the '/polyaxon/web' directory to locate the 'polyaxon.sock' file, which is crucial for the API service. After confirming the file's presence, send a DELETE request through the API to remove 'polyaxon.sock'. This action will force the API container to exit, causing a denial-of-service. The impact can be observed by checking the container's status, which will show it has exited, leading to a 'CrashLoopBackOff' status for the agent container.
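The root cause described above is a DELETE endpoint that removes whatever path it is given, with no identity check and no restriction on location or file type. The following is an added example of the checks such a handler should perform before unlinking anything; it is not Polyaxon's code, and the allowed root directory, the function names and the demo layout (a log file and a Unix socket standing in for polyaxon.sock) are all assumptions constructed for illustration.

```python
import socket
import stat
import tempfile
from pathlib import Path

class DeletionRejected(Exception):
    """A DELETE request failed one of the safety checks."""

def delete_file(root: str, requested: str, authenticated: bool) -> Path:
    """Unlink `requested` only if every safety check passes; else raise."""
    if not authenticated:
        raise DeletionRejected("authentication required")
    root_real = Path(root).resolve()
    # Interpret the request relative to root, even if it starts with '/'.
    candidate = root_real.joinpath(requested.lstrip("/"))
    resolved = candidate.resolve()
    # '..' segments or a symlinked parent must not escape the allowed root.
    if resolved == root_real or root_real not in resolved.parents:
        raise DeletionRejected("path escapes the allowed root")
    try:
        info = candidate.lstat()
    except FileNotFoundError:
        raise DeletionRejected("no such file")
    if stat.S_ISLNK(info.st_mode):
        raise DeletionRejected("symlinks are not deletable")
    # Sockets (polyaxon.sock), directories and devices are never deletable.
    if not stat.S_ISREG(info.st_mode):
        raise DeletionRejected("only regular files may be deleted")
    resolved.unlink()
    return resolved

def demo() -> dict:
    # Constructed layout: an artifacts root holding a log file and a Unix socket standing in for polyaxon.sock.
    base = Path(tempfile.mkdtemp())
    root = base / "artifacts"
    root.mkdir()
    (root / "run.log").write_text("ok")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(str(root / "polyaxon.sock"))
    results = {}
    cases = [("unauth", "run.log", False), ("socket", "polyaxon.sock", True),
             ("traversal", "../secret", True), ("regular", "run.log", True)]
    for label, req, auth in cases:
        try:
            results[label] = delete_file(str(root), req, auth).name
        except DeletionRejected as exc:
            results[label] = f"rejected: {exc}"
    srv.close()
    results["socket_survives"] = (root / "polyaxon.sock").exists()
    return results
```

Only the authenticated request for a regular file inside the root succeeds; the unauthenticated request, the traversal attempt and the request naming the socket are all refused and the socket file is left in place.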

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.