+ "details": "### Summary\n\nOneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the `oneuptime-probe` server/container.\n\nThe root cause is that untrusted Synthetic Monitor code is executed inside Node's `vm` while live host-realm Playwright `browser` and `page` objects are exposed to it. A malicious user can call Playwright APIs on the injected `browser` object and cause the probe to spawn an attacker-controlled executable.\n\nThis is a server-side remote code execution issue. It does not require a separate `vm` sandbox escape.\n\n## Details\n\nA normal project member can create or edit monitors and monitor tests:\n\n- `Monitor` access control: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Common/Models/DatabaseModels/Monitor.ts#L45-L70\n- `MonitorTest` access control: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Common/Models/DatabaseModels/MonitorTest.ts#L27-L52\n\nThe dashboard exposes a Playwright code editor for Synthetic Monitors and allows a user to queue a test run:\n\n- Synthetic Monitor editor: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/App/FeatureSet/Dashboard/src/Components/Form/Monitor/MonitorStep.tsx#L260-L289\n- `Test Monitor` flow: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/App/FeatureSet/Dashboard/src/Components/Form/Monitor/MonitorTest.tsx#L69-L83\n\nFor `MonitorType.SyntheticMonitor`, attacker-controlled `customCode` is passed into `SyntheticMonitor.execute(...)`:\n\n- https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Probe/Utils/Monitors/Monitor.ts#L323-L338\n\n`SyntheticMonitor.execute(...)` then calls `VMRunner.runCodeInNodeVM(...)` and injects live Playwright objects into the VM context:\n\n- https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Probe/Utils/Monitors/MonitorTypes/SyntheticMonitor.ts#L156-L168\n\nRelevant code path:\n\n```ts\nresult = await VMRunner.runCodeInNodeVM({\n code: options.script,\n options: {\n timeout: PROBE_SYNTHETIC_MONITOR_SCRIPT_TIMEOUT_IN_MS,\n args: {},\n context: {\n browser: browserSession.browser,\n page: browserSession.page,\n screenSizeType: options.screenSizeType,\n browserType: options.browserType,\n },\n },\n});\n```\n\n`VMRunner.runCodeInNodeVM(...)` wraps host objects in proxies, but it still forwards normal method calls with the real host `this` binding. It only blocks a few property names such as `constructor`, `__proto__`, `prototype`, and `mainModule`:\n\n- Blocked properties: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Common/Server/Utils/VM/VMRunner.ts#L20-L25\n- Real host `this` binding during method calls: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Common/Server/Utils/VM/VMRunner.ts#L81-L103\n- Additional context injection into the VM: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Common/Server/Utils/VM/VMRunner.ts#L388-L395\n\nBecause of that, untrusted code can still use legitimate Playwright methods on the injected `browser` object.\n\nThe probe pins Playwright `1.58.2`:\n\n- https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Probe/package-lock.json#L4438-L4459\n\nIn that version, `Browser.browserType()` returns a `BrowserType` object, and `BrowserType.launch()` accepts attacker-controlled `executablePath`, `ignoreDefaultArgs`, and `args`. Playwright then passes those values into a child-process spawn path.\n\nAs a result, a malicious Synthetic Monitor can do this from inside the sandboxed script:\n\n```javascript\nbrowser.browserType().launch({\n executablePath: \"/bin/sh\",\n ignoreDefaultArgs: true,\n args: [\"-c\", \"id\"],\n});\n```\n\nEven if Playwright later throws because the spawned process is not a real browser, the command has already executed.\n\nThis execution path is reachable through both one-shot monitor testing and normal scheduled monitor execution:\n\n- Monitor tests fetched by the probe: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Probe/Jobs/Monitor/FetchMonitorTest.ts#L55-L85\n- Scheduled monitor execution: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Probe/Jobs/Monitor/FetchList.ts#L96-L126\n\nThis appears distinct from prior `node:vm` breakout issues because the exploit does not need to recover `process` from the VM. The dangerous capability is already exposed by design through the injected Playwright object.\n\n### PoC\n\n1. Log in to the dashboard as a regular project member.\n2. Go to `Monitors` -> `Create New Monitor`.\n3. Select `Synthetic Monitor`.\n4. In the Playwright code field, paste:\n\n```javascript\n browser.browserType().launch({\n executablePath: \"/bin/sh\",\n ignoreDefaultArgs: true,\n args: [\n \"-c\",\n \"id\"\n ],\n timeout: 1000,\n }).catch((err) => {\n console.log(String(err));\n });\n\n return {\n data: {\n launched: true\n }\n };\n```\n\n5. Select one browser type, for example `Chromium`.\n6. Select one screen type, for example `Desktop`.\n7. Set retry count to `0`.\n8. Click `Test Monitor` and choose any probe.\n\nExpected result:\n\n- the monitor execution succeeded and in the Show More Details the command output is shown.\n<img width=\"1537\" height=\"220\" alt=\"image\" src=\"https://github.com/user-attachments/assets/4fa5b458-cae9-4ec8-add0-bfc288ee7568\" />\n\n### Impact\nThis is a server-side Remote Code Execution issue affecting the probe component.\n\nWho is impacted:\n\n- any OneUptime deployment where an attacker can obtain ordinary project membership\n- environments where the probe has access to internal services, secrets, Kubernetes metadata, database credentials, proxy credentials, or other cluster-local trust relationships",
![advisory-database[bot]](https://avatars.githubusercontent.com/in/21409?v=4&size=40){kind=avatar}
0 commit comments