Dozzle Interactive Shell Access Vulnerability via Agent-Backed Endpoints
Vulnerability
A vulnerability in Dozzle prior to version 9.0.3 allows users with specific label filters to access interactive root shells in out-of-scope Docker containers on the same agent host. This issue arises from the agent's shell endpoints ignoring label-based restrictions when resolving container IDs, enabling unauthorized access to containers that should be off-limits.
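The flaw class described above, shown as an added Go sketch that is not Dozzle's code or its 9.0.3 patch: a by-ID container lookup that ignores the caller's label filter, next to one that applies the filter before anything is attached. All types, function names, labels and container IDs are constructed for illustration.

```go
package main

import "fmt"

type Container struct { // hypothetical type for this sketch, not Dozzle's
	ID     string
	Labels map[string]string
}
type LabelFilter map[string]string // hypothetical per-user label scope

// Allows reports whether every filter pair matches; an empty filter matches all.
func (f LabelFilter) Allows(c Container) bool {
	for k, v := range f {
		if c.Labels[k] != v {
			return false
		}
	}
	return true
}

// ResolveUnscoped shows the flawed pattern: the ID alone decides the result.
func ResolveUnscoped(host []Container, id string) (Container, bool) {
	for _, c := range host {
		if c.ID == id {
			return c, true
		}
	}
	return Container{}, false
}

// ResolveScoped treats out-of-scope IDs exactly like unknown IDs.
func ResolveScoped(host []Container, id string, f LabelFilter) (Container, bool) {
	c, ok := ResolveUnscoped(host, id)
	if !ok || !f.Allows(c) {
		return Container{}, false
	}
	return c, true
}

var SampleHost = []Container{ // constructed data: one agent host, two label scopes
	{ID: "aaa111", Labels: map[string]string{"env": "dev"}},
	{ID: "bbb222", Labels: map[string]string{"env": "prod"}},
}

func main() {
	_, flawed := ResolveUnscoped(SampleHost, "bbb222")
	_, fixed := ResolveScoped(SampleHost, "bbb222", LabelFilter{"env": "dev"})
	fmt.Println("unscoped resolves prod:", flawed, "| scoped resolves prod:", fixed)
}
```

Routing the listing, log and shell paths through the same scoped resolver keeps a single authorization decision per request instead of one per endpoint.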
Impact
Exploitation of this vulnerability bypasses authorization controls, allowing users to gain interactive root access to containers outside their designated label scope. This access includes the ability to read, modify, and disrupt processes within the targeted containers.
Reproduction
The vulnerability can be reproduced by creating a Docker user with a label filter that restricts access to certain environments. After logging in as this user, a WebSocket connection can be established to an out-of-scope container's exec endpoint, using a valid JWT and the target container ID. This process can be automated with a script that sets up the necessary Docker containers and user permissions.
Remediation
Users can update to Dozzle version 9.0.3 or later, where this vulnerability has been patched. For those using version 9.0.2, it is recommended to manually apply the patch available in version 9.0.3.
