Isaiah
Monthly
Improper WebSocket authentication in will-moss Isaiah up to version 1.36.9 permits unauthenticated remote attackers to establish authenticated WebSocket sessions against the Docker management interface. The flaw resides in app/main.go within the WebSocket Connection Authentication component, where authentication controls can be bypassed, granting access to Docker management functionality without valid credentials. No public exploit has been identified at time of analysis, and an upstream fix exists as a pending pull request (PR #36) that has not yet been merged into a released version.
Missing authorization in Isaiah's Master WebSocket Handler allows remote unauthenticated attackers to manipulate the Agent argument in the Server.Handle function, bypassing access controls over Docker management operations. All versions of the will-moss/isaiah project up to and including 1.36.9 are affected. No public exploit or active exploitation has been identified at time of analysis; a fix pull request (#35) exists upstream but awaits acceptance.
Improper WebSocket authentication in will-moss Isaiah up to version 1.36.9 permits unauthenticated remote attackers to establish authenticated WebSocket sessions against the Docker management interface. The flaw resides in app/main.go within the WebSocket Connection Authentication component, where authentication controls can be bypassed, granting access to Docker management functionality without valid credentials. No public exploit has been identified at time of analysis, and an upstream fix exists as a pending pull request (PR #36) that has not yet been merged into a released version.
Missing authorization in Isaiah's Master WebSocket Handler allows remote unauthenticated attackers to manipulate the Agent argument in the Server.Handle function, bypassing access controls over Docker management operations. All versions of the will-moss/isaiah project up to and including 1.36.9 are affected. No public exploit or active exploitation has been identified at time of analysis; a fix pull request (#35) exists upstream but awaits acceptance.