AI PRP: triton inference server RCE

google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.

Apache License 2.0

860 stars 178 forks source link

AI PRP: triton inference server RCE #433

Closed secureness closed 1 week ago

secureness commented 3 months ago

triton inference server is a popular NVIDIA product built for AI.

the following report pulls a default docker image, deploys it on the server, and runs a simple post-HTTP request to run an arbitrary command. https://huntr.com/bounties/b27148e3-4da4-4e12-95ae-756d33d94687/

secureness commented 3 months ago

CC @maoning

maoning commented 3 months ago

@secureness thanks for submitting the request! It is in scope for the AI PRP bounty. Please complete the following items:

[x] submit the vulnerable configuration of the target application to google/security-testbeds.
[x] submit our participation form and you can start working on the development.

Thanks!

maoning commented 3 months ago

@secureness Everything looks good, you can move forward with the implementation.

secureness commented 3 months ago

@maoning we can overwrite current models for all versions of the triton inference server to reach RCE, do you want to implement this as well as the vulnerable versions?

maoning commented 3 months ago

@secureness please implement the version that applies to all versions of the triton inference server.

secureness commented 1 week ago

thank you, I received the bounty.