Full Report
Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could allow for remote code execution. The vulnerability, rated a CVSS score of 9.4, enables "attackers to potentially execute arbitrary commands with root privileges" by exploiting a hidden URL parameter, application security firm Noma said in a
Analysis Summary
# Vulnerability: Remote Code Execution in Lightning AI Studio via Hidden URL Parameter
## CVE Details
- CVE ID: Not explicitly provided in the text (Inferred vulnerability research from Noma)
- CVSS Score: 9.4 ($\text{Critical}$)
- CWE: Not explicitly provided
## Affected Systems
- Products: Lightning AI Studio development platform
- Versions: Not explicitly specified, but affects versions prior to the October 25 patch.
- Configurations: Any installed and accessible Lightning AI Studio instance that is publicly visible or accessible via a known profile username and studio path.
## Vulnerability Description
The vulnerability exists within a piece of JavaScript code handling user-specific URLs. An attacker can exploit this flaw by discovering a hidden URL parameter named `commmand` (note the misspelling in the text "commmand" vs intended "command") appended to a Studio URL (e.g., `lightning.ai/PROFILE_USERNAME/studio-name/terminal?fullScreen=true&commmand=BASE64_ENCODED_INSTRUCTION`). This parameter allows the attacker to pass a Base64-encoded instruction which is then executed on the underlying host system with **root privileges**. This grants the ability to execute arbitrary commands, exfiltrate sensitive data (like keys/tokens), and tamper with the file system.
## Exploitation
- Status: PoC available (Implied by researchers demonstrating the flaw)
- Complexity: Low ($\text{Requires public profile/studio path information}$)
- Attack Vector: Network
## Impact
- Confidentiality: $\text{Complete}$ (Ability to extract access tokens and user information)
- Integrity: $\text{Complete}$ (Ability to create, delete, or modify files)
- Availability: $\text{High}$ (Root access allows for system disruption)
## Remediation
### Patches
- The issue was **Resolved by the Lightning AI team as of October 25, 2024**. Users should ensure their Lightning AI Studio deployments are updated to the patched version. (Specific version number not provided).
### Workarounds
- Since the vulnerability relied on a hidden, potentially misspelled parameter (`commmand`), an immediate but potentially temporary measure would be to ensure that no public-facing endpoints are accessible that might process such parameters if the patch is delayed. Network segmentation and access control review might be necessary.
## Detection
- Indicators of Compromise: Outbound network connections originating from the Lightning AI Studio host to unknown external servers, unexpected process execution, file modifications within the studio environment, and activity tied to root user context associated with the application.
- Detection methods and tools: Application logs should be monitored for requests containing suspicious query parameters in Studio terminal URLs, particularly those containing `commmand=` (or `command=`, if the vendor corrected internally). Security monitoring tools should look for unauthorized process execution at the root level within the application containment/host.
## References
- Vendor Advisory: Lightning AI team resolved the issue following responsible disclosure on October 14, 2024.
- Research Report: hxxps://noma.security/noma-research-discovers-rce-vulnerability-in-ai-development-platform-lightning-ai/