RCE through TorchServe Management API #360
Hi @execveat! Unfortunately, I don't have access to update any of the submitted files, and we are seeing linter errors on our end. Please read #68 for how the file structure and linter should be formatted. For example, all codes should be placed under the Just curious if there's a need for empty file serialized.pt. Please also clean up the commented out codes from TorchServeManagementApiTestBase.java and update all 2023 references to 2024. Thank you :)
Hey, @nttran8! I've expanded the wildcard imports, and I don't see any other linter issues right now. Here is how I'm running

find doyensec/ -name '*.java' -exec java -jar ../google-java-format-1.22.0-all-deps.jar -i {} \;

Report publisher I don't mind renaming these back to The empty The model is a ZIP file, so it could have been provided as a binary as well, however I felt that building the archive dynamically is a better approach for transparency reasons, given it is demonstrating remote code execution.
First round of code review: so far, so good. I will test it more thoroughly soon. Could you address the few notes?
Thanks
~tooryx
} | ||
|
||
ext { | ||
tsunamiVersion = '0.0.14' |
Please, ensure to use the latest version here.
} | ||
|
||
@Test | ||
public void isServiceVulnerable_returnsNullIfServiceIsNotTorchServe() throws IOException { |
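Review bot: the name of this `@Test` method says `isServiceVulnerable` returns null when the service is not TorchServe, and for a method named like a predicate that forces every caller to null-check the result before using it. Consider returning an empty Optional (or an explicit "not vulnerable" value) for the not-TorchServe case and asserting on that here, so a missed null check in the detector cannot turn into a NullPointerException during a scan.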
Please consider rewriting the tests in the format function_condition_result, for example here: isServiceVulnerable_whenBasicAndVulnerable_returnsNull
This plugin detects exposed TorchServe Management API instances, assessing the remote code execution (RCE) risk. This risk can be caused by ShellTorch/CVE-2022-1471 (insecure defaults), or by server misconfiguration.
The exploitation chain used is different from the one described by Oligo Security (https://www.oligo.security/shelltorch) and does not rely on insecure deserialization, so it achieves command execution on all tested TorchServe versions, including the latest one (9.0).
The exploitation occurs through adding a malicious model, so there is a need for staging, which AFAIK is not supported by the Callback Server right now, so there are four modes to achieve the best results out of the box & provide additional customization options:
Configuration supports both CLI args and a config file. If no configuration has been provided, the plugin falls back to SSRF if the callback server has been enabled or BASIC if it has not. In the BASIC mode the severity of the finding is set to LOW; in other modes it's CRITICAL, but only if the verification has been confirmed; otherwise there is no finding at all.
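For operators on the receiving end of such a finding, the following added example (not part of this pull request or of the plugin) audits a TorchServe `config.properties` for the two settings that decide whether model registration is reachable and from where models may be loaded. The key names `management_address` and `allowed_urls` and their defaults are taken from TorchServe's configuration documentation and are assumptions here, since the page does not list them; the sample configs and the `untrusted.example` URL are constructed.

```python
import re
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Assumed defaults (TorchServe configuration docs); the PR page does not state them.
DEFAULTS = {"management_address": "http://127.0.0.1:8081",
            "allowed_urls": "file://.*|http(s)?://.*"}
# Constructed probe: a remote origin that a restrictive allow-list must reject.
PROBE_URL = "https://untrusted.example/model.mar"

def parse_properties(text):
    """Parse key=value lines of a .properties file, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return findings for settings that leave model registration exposed."""
    props = {**DEFAULTS, **parse_properties(text)}
    findings = []
    host = urlsplit(props["management_address"]).hostname
    if host not in LOOPBACK:
        findings.append(f"management_address binds to {host}: Management API reachable off-host")
    # allowed_urls is a comma-separated list of regexes for permitted model sources.
    for pattern in (p.strip() for p in props["allowed_urls"].split(",")):
        if not pattern:
            continue
        try:
            permissive = re.fullmatch(pattern, PROBE_URL) is not None
        except re.error:
            findings.append(f"allowed_urls pattern {pattern!r} is not a valid regex")
            continue
        if permissive:
            findings.append(f"allowed_urls pattern {pattern!r} accepts arbitrary remote model URLs")
    return findings

# Constructed sample configs: an exposed deployment and a hardened one.
WEAK = "inference_address=http://0.0.0.0:8080\nmanagement_address=http://0.0.0.0:8081\n"
HARDENED = ("management_address=http://127.0.0.1:8081\n"
            r"allowed_urls=https://models\.internal\.example/.*" "\n")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

A loopback bind only helps if nothing else on the host forwards the management port, so pair this check with a review of reverse-proxy and container port mappings.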