Coolify Privilege Escalation Vulnerability Allowing Remote Code Execution

Vulnerability

A critical privilege escalation vulnerability has been identified in Coolify versions prior to 4.0.0-beta.361. The issue arises from a missing authorization check, which allows any authenticated user to elevate their own privileges, or those of other team members, to any role, including owner. The same missing check also lets the user remove any team member, including admins and owners. Exploiting this vulnerability grants access to the 'Terminal' feature, where remote commands can be executed.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling users to gain owner rights and remove other team members, including admins. This access can be used to execute remote commands via the 'Terminal' feature.

Reproduction

To reproduce this vulnerability, an authenticated user invokes the role-management methods to escalate their own privileges, or those of other team members, to the owner role. After gaining owner privileges, the user can remove any team member from the team, including admins and other owners. Once the desired privileges are obtained, the 'Terminal' feature can be accessed to execute remote commands.
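The root cause described in the Vulnerability and Reproduction sections is a role-change handler that never asks whether the caller is allowed to make the change. The following is an added illustration of that pattern and its fix, not Coolify's code: a hypothetical in-memory team model (roles member, admin, owner are constructed for the example) with one handler that trusts any authenticated caller and one that enforces a least-privilege policy before touching membership.

```python
"""Missing-authorization pattern on team role changes, beside a hardened version.

Hypothetical model constructed for this example; it is not Coolify's code.
"""
from dataclasses import dataclass, field

# Assumed role ordering; higher rank may manage lower rank.
RANK = {"member": 0, "admin": 1, "owner": 2}


class Forbidden(Exception):
    """Raised when the acting user is not allowed to perform the change."""


@dataclass
class Team:
    # user_id -> role (constructed sample data lives in sample_team()).
    members: dict = field(default_factory=dict)

    def owners(self):
        return [u for u, r in self.members.items() if r == "owner"]


def change_role_unchecked(team, actor, target, new_role):
    """Vulnerable pattern: the handler validates its inputs but never checks
    who is asking, so any member can make themselves (or anyone) owner."""
    if new_role not in RANK or target not in team.members:
        raise ValueError("unknown role or member")
    team.members[target] = new_role


def change_role(team, actor, target, new_role):
    """Hardened pattern: authorize on the server before mutating state."""
    if new_role not in RANK or target not in team.members:
        raise ValueError("unknown role or member")
    actor_role = team.members.get(actor)
    target_role = team.members[target]
    if actor_role is None:
        raise Forbidden("actor is not a member of this team")
    if actor == target:
        raise Forbidden("members cannot change their own role")
    if RANK[actor_role] < RANK["admin"]:
        raise Forbidden("only admins and owners may change roles")
    if RANK[new_role] > RANK[actor_role]:
        raise Forbidden("cannot grant a role higher than your own")
    # Non-owners may only manage members they strictly outrank.
    if actor_role != "owner" and RANK[target_role] >= RANK[actor_role]:
        raise Forbidden("cannot modify a member of equal or higher rank")
    team.members[target] = new_role


def remove_member(team, actor, target):
    """Removal follows the same policy, and the last owner can never be removed
    (which also blocks an owner from orphaning the team by removing themselves)."""
    actor_role = team.members.get(actor)
    if actor_role is None or target not in team.members:
        raise Forbidden("actor or target is not a member of this team")
    target_role = team.members[target]
    if actor != target and actor_role != "owner" and RANK[target_role] >= RANK[actor_role]:
        raise Forbidden("cannot remove a member of equal or higher rank")
    if target_role == "owner" and team.owners() == [target]:
        raise Forbidden("a team must keep at least one owner")
    del team.members[target]


def allowed(action, *args):
    """Run an action and report whether the policy permitted it."""
    try:
        action(*args)
        return True
    except Forbidden:
        return False


def sample_team():
    """Constructed sample team: one owner, one admin, one plain member."""
    return Team({"alice": "owner", "bob": "admin", "carol": "member"})


if __name__ == "__main__":
    t = sample_team()
    change_role_unchecked(t, "carol", "carol", "owner")
    print("unchecked handler, carol is now:", t.members["carol"])
    t = sample_team()
    print("checked handler, carol -> owner allowed?", allowed(change_role, t, "carol", "carol", "owner"))
```

The point of the hardened version is that every decision is made from the actor's server-side role, never from anything the client sends; a detection-minded reviewer would also log each Forbidden outcome, since a burst of denied role changes from one account is a useful signal.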

Remediation

Users are advised to update Coolify to version 4.0.0-beta.361 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.6
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.