Dokploy Command Injection Vulnerability Allowing Arbitrary OS Command Execution
Vulnerability
A command injection vulnerability has been identified in Dokploy, a self-hostable Platform as a Service (PaaS) for application and database management. The page reports the issue as affecting versions prior to 0.23.6. It allows an authenticated, low-privileged user to execute arbitrary operating system commands on the Dokploy host. The flaw is in the tRPC procedure 'docker.getContainersByAppNameMatch', where the 'appName' parameter is interpolated into a Docker CLI command string without validation or escaping, so shell metacharacters in 'appName' are interpreted by the shell that runs the command. Injected commands run with the privileges of the Dokploy service account.
Impact
Successful exploitation gives an authenticated, low-privileged Dokploy user arbitrary OS command execution on the Dokploy host, with the privileges of the Dokploy service account.
Reproduction
To reproduce this vulnerability, an authenticated user sends a request to the 'docker.getContainersByAppNameMatch' procedure with a crafted 'appName' value containing shell metacharacters followed by the commands to run. Because the value is not validated or escaped before being placed in the Docker CLI command string, the injected commands are executed on the host when that string is passed to a shell.
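The following is an added illustration, not Dokploy's own code: it reconstructs the vulnerable pattern described above (a shell command string built by interpolating 'appName') next to a hardened variant that allowlists the value and passes arguments as an array to execFile, so no shell ever parses user input. The exact Docker command, the allowlist regex (modelled on Docker's container-name character set) and the payload string are assumptions made for this example.

```typescript
import { execFile } from "node:child_process";
import { promisify } from "node:util";

const execFileAsync = promisify(execFile);

// Hypothetical reconstruction of the vulnerable pattern: untrusted appName is
// interpolated into one string that a shell will parse. Any quote or ';' in
// appName breaks out of the intended argument. Never use this in real code.
export function buildShellCommandUnsafe(appName: string): string {
  return `docker ps --filter "name=${appName}" --format "{{.ID}} {{.Names}}"`;
}

// Hardened variant, step 1: allowlist the value. Docker container names are
// restricted to [a-zA-Z0-9][a-zA-Z0-9_.-]+ (assumed here as the validation rule),
// which leaves no room for quotes, whitespace or shell metacharacters.
const APP_NAME_RE = /^[a-zA-Z0-9][a-zA-Z0-9_.-]{0,127}$/;

export function isValidAppName(appName: string): boolean {
  return APP_NAME_RE.test(appName);
}

// Hardened variant, step 2: build argv, not a command line. With execFile the
// arguments reach the docker binary verbatim; there is no shell to inject into.
export function buildDockerArgs(appName: string): string[] {
  if (!isValidAppName(appName)) {
    throw new Error(`invalid appName: ${JSON.stringify(appName)}`);
  }
  return ["ps", "--filter", `name=${appName}`, "--format", "{{.ID}} {{.Names}}"];
}

// What a hardened getContainersByAppNameMatch could look like (hypothetical;
// requires a docker binary on PATH, so it is not exercised offline).
export async function getContainersByAppNameMatch(appName: string): Promise<string[]> {
  const { stdout } = await execFileAsync("docker", buildDockerArgs(appName));
  return stdout.split("\n").filter((line) => line.length > 0);
}

// Constructed payload for demonstration: closes the quoted filter, runs `id`,
// then reopens a quote so the remainder of the command still parses.
export const CONSTRUCTED_PAYLOAD = 'web"; id; echo "';

// Demonstration of the difference (does not run docker):
console.log("unsafe:", buildShellCommandUnsafe(CONSTRUCTED_PAYLOAD));
try {
  buildDockerArgs(CONSTRUCTED_PAYLOAD);
} catch (err) {
  console.log("hardened rejected payload:", (err as Error).message);
}
```

The allowlist check is the essential fix even where execFile is used, because a Docker filter such as `name=` is itself a pattern and a permissive value could still change what the command matches; rejecting anything outside the container-name alphabet keeps the parameter to its intended meaning.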
Remediation
Users should upgrade to Dokploy version 0.23.7 or later, which addresses this vulnerability. Until the upgrade is applied, limiting which accounts can reach the Dokploy API reduces exposure, since any authenticated user can trigger the issue.
