Closed Luka5W closed 8 months ago
This image/ project is based on acmesh-official/acme.sh which had a CVE with possible RCE 2 days ago, already exploited by the (former) chinese CA 'HiCA' (The issue is very entertaining to read btw :smirk:).
To be sure I've executed:
$ docker exec $container-name cat /app/acme.sh | grep "VER=" VER=2.9.0
I have not tested if a RCE is possible though.
Solution:
That should be all, but I don't know since I'm not involved in this project.
Info: running acme-companion version v2.2.8
N/A
Bug description
This image/ project is based on acmesh-official/acme.sh which had a CVE with possible RCE 2 days ago, already exploited by the (former) chinese CA 'HiCA' (The issue is very entertaining to read btw :smirk:).
To be sure I've executed:
I have not tested if a RCE is possible though.
Solution:
That should be all, but I don't know since I'm not involved in this project.
acme-companion image version
nginx-proxy's Docker configuration, rendered nginx configuration, Containers logs, Docker host
N/A