TrueFoundry Cognita Path Traversal Vulnerability Leading to Remote Code Execution
Vulnerability
A path traversal vulnerability has been identified in TrueFoundry's Cognita framework. It affects deployments where the Local environment variable is set to true, such as the default Docker setup. The vulnerability allows an attacker to overwrite critical Python files, which the server then executes, leading to remote code execution within the Docker container.
Impact
Exploitation of this vulnerability allows for remote code execution in the context of the Docker container running Cognita.
Reproduction
To reproduce this vulnerability, deploy Cognita in a Docker environment with the Local environment variable set to true. Once the application is running, upload a file through the internal API endpoint '/v1/internal/upload-to-local-directory' with a file path that traverses directories so that the upload overwrites the '/app/backend/__init__.py' file. The Uvicorn server, which is set to auto-reload, will execute the modified file, resulting in remote code execution.
Remediation
Users can update to the latest version of Cognita, where this vulnerability has been patched.
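For operators reviewing their own upload handlers, the following added example (not Cognita's code or its actual patch) contrasts an unvalidated path join with a containment check that rejects names resolving outside the upload root. The function names, the exception class and the sample file names are hypothetical and constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


class UnsafePathError(ValueError):
    """Raised when an upload name would resolve outside the upload root."""


def naive_upload_path(upload_root: str, filename: str) -> Path:
    # Vulnerable pattern: the client-supplied name is joined without validation.
    # normpath only collapses "..", it does not confine the result to the root.
    return Path(os.path.normpath(os.path.join(upload_root, filename)))


def safe_upload_path(upload_root: str, filename: str) -> Path:
    """Return the destination for `filename`, confined to `upload_root`."""
    if not filename or "\x00" in filename:
        raise UnsafePathError("empty name or NUL byte")
    root = Path(upload_root).resolve()
    # resolve() collapses ".." and follows symlinks; an absolute `filename`
    # replaces root in the join and is caught by the containment test below.
    candidate = (root / filename).resolve()
    if root not in candidate.parents:
        raise UnsafePathError(f"{filename!r} escapes {root}")
    return candidate


def classify(upload_root: str, names):
    """Map each name to 'ok' or 'rejected' using safe_upload_path."""
    result = {}
    for name in names:
        try:
            safe_upload_path(upload_root, name)
            result[name] = "ok"
        except UnsafePathError:
            result[name] = "rejected"
    return result


# Constructed sample names, not taken from a real request.
SAMPLES = ["report.pdf", "docs/notes.txt", "../../app/backend/__init__.py",
           "/app/backend/__init__.py", "docs/../../escape.py"]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for name, verdict in classify(root, SAMPLES).items():
            print(f"{verdict:9} {name}")
```

Independently of path validation, running Uvicorn without auto-reload removes the immediate execution trigger described under Reproduction, though an overwritten file would still run on the next restart.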
