Coolify Private Key Hijacking and Remote Code Execution Vulnerability
Vulnerability
A critical vulnerability allowing private key hijacking and remote code execution has been identified in Coolify versions prior to 4.0.0-beta.361. The issue arises from a lack of proper authorization, which enables any authenticated user to attach an existing private key to their own server. If the IP/domain, port (likely 22), and user (root) configured for the attacker's server match those of the victim's server, the attacker can use the 'Terminal' feature to execute arbitrary commands on the victim's server.
Impact
Exploitation of this vulnerability allows for unauthorized attachment of private keys, leading to remote code execution on the victim's server.
Reproduction
To reproduce this vulnerability, an authenticated user first attaches a private key to their own server, exploiting the missing authorization that allows access to existing private keys on the Coolify instance. Provided that the IP/domain, port, and user of the attacker's server configuration match those of the victim's server, the user can then use the 'Terminal' feature to execute commands on the victim's server.
Remediation
Users can upgrade to Coolify version 4.0.0-beta.361 or later to address this vulnerability.
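The missing authorization check described above, modelled as an added example (not Coolify's code or schema): an unchecked key attach beside a team-scoped one, plus an audit that flags servers whose attached key belongs to another team. The `team_id` ownership field, all function names, and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class PrivateKey:
    id: int
    team_id: int  # assumed ownership field

@dataclass
class Server:
    id: int
    team_id: int
    host: str
    port: int
    user: str
    private_key_id: Optional[int] = None

class Forbidden(Exception):
    """Raised when the caller does not own the key or the server."""

def attach_key_unchecked(server, key_id, keys):
    # Flawed pattern: any existing key id is accepted, whoever owns it.
    server.private_key_id = keys[key_id].id

def attach_key_checked(actor_team_id, server, key_id, keys):
    # Hardened pattern: the caller must own both the server and the key.
    key = keys.get(key_id)
    if key is None or key.team_id != actor_team_id or server.team_id != actor_team_id:
        raise Forbidden("key or server not owned by caller's team")
    server.private_key_id = key.id

def audit_cross_team_keys(servers, keys):
    # Post-upgrade check: servers whose attached key belongs to another team.
    findings = []
    for s in servers:
        key = keys.get(s.private_key_id)
        if key is not None and key.team_id != s.team_id:
            findings.append((s.id, s.team_id, key.id, key.team_id))
    return findings

# Constructed sample data: team 1 owns key 10, team 2 owns key 20.
KEYS = {10: PrivateKey(10, team_id=1), 20: PrivateKey(20, team_id=2)}
SERVERS = [
    Server(1, team_id=1, host="203.0.113.5", port=22, user="root", private_key_id=10),
    Server(2, team_id=2, host="203.0.113.5", port=22, user="root"),
]
```

Any row returned by `audit_cross_team_keys` is a server using a key its team does not own; on an instance that ran a version prior to 4.0.0-beta.361, such keys are candidates for rotation.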
