AstrBotDevs AstrBot Arbitrary Code Execution Vulnerability via Malicious Plugin Upload

A vulnerability allowing arbitrary code execution has been identified in AstrBot versions through 4.22.1. This issue arises in the 'install-upload' endpoint, specifically within the 'install_plugin_upload' function of 'astrbot/dashboard/routes/plugin.py'. The vulnerability allows authenticated users to upload malicious ZIP files containing Python code, which is then executed on the server without any verification or sandboxing. The exploitation can be performed remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows authenticated users to execute arbitrary Python code on the server, with the same privileges as the AstrBot process. This could lead to a full server compromise, including unauthorized access to sensitive data such as API keys and chat history, and the potential installation of backdoors for future access.

Reproduction

To reproduce this vulnerability, first create a malicious plugin ZIP file that includes a 'metadata.yaml' file and a 'main.py' file. The 'main.py' file should contain code that executes arbitrary commands, such as writing to a file. Once the ZIP file is prepared, it can be uploaded through the '/api/plugin/install-upload' endpoint using a POST request. After the upload, the executed code can be verified by checking the contents of the file that was written to.

Remediation

Users are advised to update to AstrBot version 4.23.0 or later, where this vulnerability has been addressed.