bleon-ethical API Gateway Deploy OS Command Injection and Privilege Escalation Vulnerability

A critical vulnerability has been identified in bleon-ethical/api-gateway-deploy version 1.0.0, involving OS command injection and privilege escalation. This vulnerability allows an attacker to execute arbitrary commands with root privileges within the container, potentially escaping the container and making unauthorized modifications to the infrastructure. The issue arises in the entrypoint.sh script, where the sed command is used to replace strings in a temporary Swagger file. The variable $INPUT_CORS_DOMAIN is vulnerable to injection, as it is not properly sanitized or delimited, enabling attackers to manipulate the command execution.

Impact

Exploitation of this vulnerability allows for remote code execution with root privileges in the container, which could lead to a container escape and unauthorized changes to the infrastructure.

Remediation

The vulnerability has been fixed in version 1.0.1 by sanitizing inputs and securing delimiters in the entrypoint.sh script, enforcing the use of a non-root user in the Dockerfile, and implementing mandatory security quality gates.