Badlogic Pi-Mono Unauthenticated Remote Code Execution Vulnerability in Slack Bot

Vulnerability

A critical unauthenticated remote code execution vulnerability exists in the Badlogic Pi-Mono application, in versions through 0.58.4, within the Pi-Mom Slack bot component. The vulnerability is an authentication bypass: any member of a Slack workspace in which the bot is installed can send it messages, and those messages are processed without any application-level authentication. Because the message is handed to a language model that can run shell commands on the host, a single direct message or @mention is enough to have arbitrary commands executed on the host system. The vulnerability is remotely exploitable and is currently public.

Impact

Exploitation of this vulnerability allows unauthenticated remote code execution on the host machine where the Slack bot is running. Commands execute with full privileges, and no application-level security measure stands between a workspace member's message and the shell.

Reproduction

To reproduce this vulnerability, install Pi-Mono version 0.58.4 or earlier and deploy the Pi-Mom Slack bot. Once the bot is active in a Slack workspace, any member can send it a direct message or @mention it. The message content is forwarded to a language model that can execute commands on the host system without restriction, so a message that includes a command, such as a request to download and execute a script from a remote server, results in that command being run.

Remediation

Users are advised to update to a version of Badlogic Pi-Mono that addresses this vulnerability. If no update is available, consider removing the Pi-Mom Slack bot from the workspace to prevent exploitation.

Added: Apr 5, 2026, 10:20 AM
Updated: Apr 5, 2026, 10:20 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 5.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.