<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Marimo - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/marimo/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 26 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/marimo/feed.xml" rel="self" type="application/rss+xml"/><item><title>Marimo Pre-Auth RCE via Terminal WebSocket Authentication Bypass</title><link>https://feed.craftedsignal.io/briefs/2024-01-26-marimo-rce/</link><pubDate>Fri, 26 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-26-marimo-rce/</guid><description>Marimo versions 0.20.4 and earlier contain a pre-authentication remote code execution vulnerability in the `/terminal/ws` WebSocket endpoint, allowing unauthenticated attackers to execute arbitrary system commands, resulting in a full interactive root shell.</description><content:encoded><![CDATA[<p>Marimo, a Python notebook tool, is vulnerable to pre-authentication remote code execution (RCE) due to a flaw in the <code>/terminal/ws</code> WebSocket endpoint. Specifically, versions up to and including 0.20.4 lack proper authentication validation on this endpoint. This allows an unauthenticated attacker to bypass security measures and establish a direct connection to a PTY (pseudo-terminal) shell. The vulnerability resides in <code>marimo/_server/api/endpoints/terminal.py</code> where the <code>/terminal/ws</code> endpoint skips authentication checks present in other WebSocket endpoints like <code>/ws</code>. Successful exploitation grants the attacker the ability to execute arbitrary system commands with elevated privileges, particularly root in default Docker deployments, posing a significant risk to affected systems.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker sends a WebSocket connection request to the <code>/terminal/ws</code> endpoint on the target Marimo server (e.g., <code>ws://TARGET:2718/terminal/ws</code>).</li>
<li>The server, lacking authentication validation on this endpoint, directly accepts the WebSocket connection using <code>websocket.accept()</code>.</li>
<li>The server proceeds to create a PTY (pseudo-terminal) child process using <code>pty.fork()</code>.</li>
<li>This action establishes a full, interactive shell session for the attacker.</li>
<li>The attacker can then send arbitrary commands to the shell via the established WebSocket connection.</li>
<li>These commands are executed on the server with the privileges of the Marimo process (typically root in default Docker deployments).</li>
<li>The attacker receives the output of the executed commands through the WebSocket connection.</li>
<li>The attacker can continue to send and execute commands, effectively gaining complete control over the server.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of this vulnerability allows an unauthenticated attacker to gain complete control over a Marimo server. Because the commands are executed with the privileges of the Marimo process (root within a Docker container), the attacker can perform any action on the system, including installing malware, accessing sensitive data, or disrupting services. The absence of required authentication and the ease of exploitation make this a critical vulnerability.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Apply the suggested remediation from the Marimo advisory by adding authentication validation to the <code>/terminal/ws</code> endpoint, consistent with the <code>/ws</code> endpoint which uses <code>WebSocketConnectionValidator.validate_auth()</code>.</li>
<li>Deploy the Sigma rule &quot;Detect Unauthenticated Marimo Terminal WebSocket Connection&quot; to detect exploitation attempts in real-time based on network connection logs.</li>
<li>Update Marimo to a patched version (&gt;= 0.23.0) once available to fully resolve the vulnerability.</li>
<li>As an interim mitigation, restrict network access to the Marimo server to trusted sources.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>marimo</category><category>rce</category><category>websocket</category></item></channel></rss>