FastGPT Agent-Sandbox Unauthenticated Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability has been identified in the agent-sandbox component of FastGPT, affecting versions from 4.14.10 up to, but not including, 4.14.13. The vulnerability arises from a misconfiguration in the startup script, which disables authentication and exposes the service on all network interfaces. This allows any user with network access to the port to bypass authentication and gain full control over the sandbox environment.
Impact
Exploitation of this vulnerability allows for unauthenticated remote code execution within the sandbox environment. This could lead to unauthorized access to sensitive information, such as environment variables and API keys, and could potentially be used to attack other services within the same network. Additionally, the compromised container could be misused for malicious activities, like cryptomining or launching DDoS attacks.
Reproduction
To reproduce this vulnerability, deploy the FastGPT application with an agent-sandbox component version from 4.14.10 up to, but not including, 4.14.13. Ensure that the entrypoint.sh script is configured to disable authentication and bind the code-server to all network interfaces. Once the application is running, access the code-server interface through the exposed port. The absence of a password prompt indicates successful exploitation. Afterward, open the integrated terminal in the code-server environment and execute commands to verify the remote code execution.
Remediation
Users can update to FastGPT version 4.14.13 or later, where this vulnerability has been patched.
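As an added example (not FastGPT's code, and not the contents of its entrypoint.sh, which this page does not show), the following shell check flags a code-server launch that disables authentication and binds beyond loopback. It assumes the settings are passed as code-server's --auth and --bind-addr command-line flags; the sample scripts, port and paths are constructed.

```shell
#!/bin/sh
# Added example: audit an entrypoint script for an unauthenticated, exposed code-server.

# Print "auth=<v> bind=<v>" for every code-server launch found in file $1.
code_server_settings() {
    # Join backslash-continued lines, skip comments, keep code-server commands.
    awk '{ if (sub(/\\$/, "")) { buf = buf $0 " "; next }
           cmd = buf $0; buf = ""
           if (cmd !~ /^[ \t]*#/ && cmd ~ /(^|[ \t\/])code-server([ \t]|$)/) print cmd }' "$1" |
    while IFS= read -r line; do
        auth=password bind=127.0.0.1:8080   # code-server defaults when no flag is given
        set -f; set -- $line                # split into words without globbing
        while [ $# -gt 0 ]; do
            case $1 in
                --auth=*)      auth=${1#--auth=} ;;
                --auth)        auth=${2-}; [ $# -gt 1 ] && shift ;;
                --bind-addr=*) bind=${1#--bind-addr=} ;;
                --bind-addr)   bind=${2-}; [ $# -gt 1 ] && shift ;;
            esac
            shift
        done
        printf 'auth=%s bind=%s\n' "$auth" "$bind"
    done
}

# Exit 0 when any launch disables auth and binds beyond loopback.
is_exposed() {
    code_server_settings "$1" | while IFS= read -r s; do
        case $s in
            'auth=none bind=127.'*|'auth=none bind=localhost'*|'auth=none bind=[::1]'*) ;;
            'auth=none '*) echo exposed ;;
        esac
    done | grep -q exposed
}

# Constructed samples (not FastGPT's real entrypoint.sh).
tmp=$(mktemp -d)
cat > "$tmp/weak.sh" <<'EOF'
exec code-server \
  --bind-addr 0.0.0.0:8080 \
  --auth none /workspace
EOF
cat > "$tmp/hardened.sh" <<'EOF'
# code-server --auth none   (old setting, commented out)
exec code-server --bind-addr=127.0.0.1:8080 --auth=password /workspace
EOF
for f in weak hardened; do
    if is_exposed "$tmp/$f.sh"; then echo "$f: EXPOSED"; else echo "$f: ok"; fi
done
```

Settings supplied through code-server's config file or environment are outside what this check reads, so a clean result covers only the launch command line.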
