OpenBullet2
- <= 0.3.2
A remote code execution vulnerability has been identified in OpenBullet2 versions through 0.3.2. This vulnerability allows authenticated users to execute arbitrary C# code on the server by creating or modifying job configurations. The plain C# execution mode, which lacks reference filtering or API restrictions, can be exploited to access the file system, spawn processes, and invoke arbitrary .NET APIs as the process user.
Exploitation of this vulnerability allows for authenticated remote code execution on the server where OpenBullet2 is running.
To reproduce this vulnerability, an authenticated user can create or modify a job configuration in OpenBullet2 version 0.3.2. By using the plain C# execution mode, which is available without any reference filtering or API restrictions, the user can execute arbitrary C# code on the server. This can be done by uploading a script that accesses the file system, spawns processes, or calls .NET APIs as the user under which the OpenBullet2 process is running.
Users are advised to update to a version of OpenBullet2 that is not affected by this vulnerability. If no update is available, consider setting a random API key in the application settings to temporarily protect against unauthorized access.
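For triage on a server that ran an affected version, the following added example (not code from OpenBullet2 or from this advisory) lists the C# script entries in a config archive and the capability classes each one references. It assumes a config is a zip archive in which C#-mode scripts are stored as `.cs` entries; `audit_config`, the pattern table and the sample archives are hypothetical and constructed for illustration.

```python
import io
import re
import zipfile

# Assumption: a config is a zip archive and C#-mode scripts are stored as *.cs entries.
# Illustrative patterns for the capabilities the advisory names; not an exhaustive list.
RISKY_APIS = {
    "process": re.compile(r"\bProcess(StartInfo)?\b|System\.Diagnostics"),
    "filesystem": re.compile(r"\b(File|Directory|FileStream|StreamWriter)\b|System\.IO"),
    "reflection": re.compile(r"\bAssembly\.Load|System\.Reflection|Activator\.CreateInstance"),
}


def audit_config(archive_bytes: bytes) -> dict:
    """Return {entry_name: sorted capability labels} for every C# entry in the archive."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".cs"):
                continue
            source = zf.read(info).decode("utf-8", errors="replace")
            hits = sorted(k for k, rx in RISKY_APIS.items() if rx.search(source))
            # A C# entry is reported even with no hits: plain C# mode is unrestricted.
            findings[info.filename] = hits
    return findings


def build_sample(entries: dict) -> bytes:
    """Build a constructed in-memory archive for the demo below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in entries.items():
            zf.writestr(name, text)
    return buf.getvalue()


# Constructed samples, not real configs.
SAMPLE_CSHARP = build_sample({
    "metadata.json": '{"name": "demo"}',
    "script.cs": 'var p = System.Diagnostics.Process.GetCurrentProcess();\n'
                 'var t = System.IO.File.ReadAllText("settings.txt");\n',
})
SAMPLE_OTHER = build_sample({"metadata.json": "{}", "script.loli": 'LOG "hi"'})

if __name__ == "__main__":
    for label, blob in (("csharp", SAMPLE_CSHARP), ("other", SAMPLE_OTHER)):
        print(label, audit_config(blob))
```

Treat an empty hit list as unreviewed rather than clean: the patterns are a triage aid, and plain C# mode places no restriction on what a script can call.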