MaxKB Reverse Shell Vulnerability for Privileged Users
Vulnerability
A reverse shell vulnerability has been identified in MaxKB, an open-source knowledge base question-answering system that utilizes a large language model and retrieval-augmented generation. This vulnerability, present in versions through 1.10.3-lts, allows privileged users to create a reverse shell by exploiting a flaw in the function library module. The issue arises from improper handling of user permissions, enabling the execution of arbitrary commands that can be used to establish a reverse shell connection.
Impact
Exploitation of this vulnerability allows for the creation of a reverse shell, giving an attacker remote access to the affected system with the privileges of the user running the application.
Reproduction
To reproduce this vulnerability, a privileged user can execute Python code that creates a reverse shell within the function library module. This can be done by uploading a payload that, when executed, opens a reverse shell connection to the attacker's machine.
Remediation
Users can upgrade to MaxKB version 1.10.4-lts to address this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.