A significant security vulnerability has been discovered in AutoGPT, a powerful AI tool designed to automate tasks through intelligent agents. With over 166k stars on GitHub, AutoGPT has gained popularity for its ability to streamline complex operations. However, the discovery of CVE-2024-6091, an OS Command Injection vulnerability with a CVSS score of 9.8, has raised serious concerns about the security of its shell command execution features.
The vulnerability, discovered by security researcher Pinkdraconian, involved the potential bypass of AutoGPT’s shell command denylist. While the denylist aimed to prevent the execution of specific commands, an attacker could easily circumvent this safeguard by using the full path of a command. This flaw opened the door to potential exploitation, allowing malicious actors to execute unauthorized actions on systems running AutoGPT.
The heart of the issue lay in the way AutoGPT handled the denylist. Although administrators could specify disallowed commands, the framework failed to account for subtle variations in command execution, such as utilizing the full path.
Pinkdraconian published a proof-of-concept (PoC) exploit demonstrating how easily the denylist can be bypassed. The PoC highlights the danger of this vulnerability, especially for users who rely on AutoGPT for automation in sensitive environments where command execution needs strict control.
The discovery of CVE-2024-6091 poses a significant threat to organizations and users who rely on AutoGPT. The ability to bypass the command denylist exposes systems to the risk of unauthorized command execution. An attacker exploiting this vulnerability could gain access to system information, escalate privileges, and potentially execute arbitrary commands, depending on the context in which AutoGPT is used.
The vulnerability has been swiftly addressed by the AutoGPT team in version 0.5.1. Users are strongly urged to update their installations to the latest version to ensure their systems are protected.
