Neko Privilege Escalation Vulnerability Allowing Full Administrative Control
Vulnerability
A privilege escalation vulnerability has been identified in Neko, a self-hosted virtual browser that operates in Docker and utilizes WebRTC. This vulnerability is present in versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1. It allows any authenticated user to gain full administrative control over the entire Neko instance, including member management, room settings, broadcast control, and session termination. As a result, the vulnerability leads to a complete compromise of the Neko instance.
Impact
Exploitation of this vulnerability allows authenticated users to obtain full administrative rights on the Neko instance, leading to a complete compromise of the application's management and control features.
Remediation
Users are advised to upgrade to Neko version 3.0.11 or 3.1.2. If an immediate upgrade is not possible, restrict access to trusted users, run the instance only when needed, and disable or restrict access to the '/api/profile' endpoint where feasible.
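As an added example (not part of the advisory or the Neko project), the following script serves two of the steps above: it checks whether a reported Neko version falls inside the affected ranges stated in the vulnerability description, and it scans reverse-proxy access logs for requests reaching the '/api/profile' endpoint that the remediation says to restrict, so an operator who cannot upgrade yet can at least monitor the workaround. The combined-format log lines are constructed sample data, and the assumption that Neko sits behind a proxy writing such logs is ours.

```python
import re
from collections import Counter

# Affected ranges exactly as stated in the advisory: 3.0.0-3.0.10 and 3.1.0-3.1.1.
AFFECTED_RANGES = (((3, 0, 0), (3, 0, 10)), ((3, 1, 0), (3, 1, 1)))


def parse_version(version: str) -> tuple:
    """Turn 'v3.0.10' or '3.1' into a comparable 3-tuple, padding missing parts with 0."""
    nums = [int(p) for p in version.strip().lstrip("v").split(".")[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def is_affected(version: str) -> bool:
    """True if the Neko version lies inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


# Constructed access-log lines in nginx "combined" format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2025:12:00:01 +0000] "GET /api/rooms HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2025:12:00:05 +0000] "POST /api/profile HTTP/1.1" 200 48 "-" "Mozilla/5.0"
198.51.100.2 - - [10/May/2025:12:01:10 +0000] "GET /api/profile?x=1 HTTP/1.1" 200 130 "-" "curl/8.0"
203.0.113.7 - - [10/May/2025:12:01:12 +0000] "POST /api/profile/ HTTP/1.1" 200 48 "-" "Mozilla/5.0"
192.0.2.9 - - [10/May/2025:12:02:00 +0000] "GET /api/sessions HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def profile_hits(log_text: str, endpoint: str = "/api/profile") -> dict:
    """Count requests per (client IP, method) that reach the endpoint to be restricted.

    The query string and a trailing slash are stripped before comparing so that
    variants of the same path are not missed. Every hit is worth reviewing while
    the endpoint is supposed to be disabled or limited to trusted users.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; skip rather than guess
        path = m.group("path").split("?", 1)[0].rstrip("/")
        if path == endpoint:
            hits[(m.group("ip"), m.group("method"))] += 1
    return dict(hits)
```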
