Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Software contains RCE vulnerability #106

Open
sneak opened this issue Sep 29, 2024 · 3 comments
Open

Software contains RCE vulnerability #106

sneak opened this issue Sep 29, 2024 · 3 comments

Comments

@sneak
Copy link

sneak commented Sep 29, 2024
edited
Loading

Without permission, this software downloads new code from the server and prepares to execute it. This violates the entire security model of content-addressable docker container executables.

This allows anyone with control of the remote server to specify arbitrary code to execute within the container.

las1:/srv/storage/appstate# docker run --rm -it -v ./protonmail-bridge:/root she
nxn/protonmail-bridge@sha256:4d4e82ed868705fc9c2500aeb5bfb7b6f6d883213c0f717935d296197a124261 init
Unable to find image 'shenxn/protonmail-bridge@sha256:4d4e82ed868705fc9c2500aeb5bfb7b6f6d883213c0f717935d296197a124261' locally
docker.io/shenxn/protonmail-bridge@sha256:4d4e82ed868705fc9c2500aeb5bfb7b6f6d883213c0f717935d296197a124261: Pulling from shenxn/protonmail-bridge
3713021b0277: Pull complete
b5a6c5fe32cf: Pull complete
e06d803d76d0: Pull complete
d37d596f4257: Pull complete
Digest: sha256:4d4e82ed868705fc9c2500aeb5bfb7b6f6d883213c0f717935d296197a124261
Status: Downloaded newer image for shenxn/protonmail-bridge@sha256:4d4e82ed868705fc9c2500aeb5bfb7b6f6d883213c0f717935d296197a124261
+ [[ init == init ]]
+ gpg --generate-key --batch /protonmail/gpgparams
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: Generating a basic OpenPGP key
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 135ABD961DF09616 marked as ultimately trusted
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/9D0DA4C714FBC040E967479C135ABD961DF09616.rev'
gpg: done
+ pass init pass-key
mkdir: created directory '/root/.password-store/'
Password store initialized for pass-key
+ protonmail-bridge --cli
                  _.-:__:.-:'':  :  :  :'':-.:__:-._
                .':.-:  :  :  :  :  :  :  :  :  :._:'.
             _ :.':  :  :  :  :  :  :  :  :  :  :  :'.: _
            [ ]:  :  :  :  :  :  :  :  :  :  :  :  :  :[ ]
            [ ]:  :  :  :  :  :  :  :  :  :  :  :  :  :[ ]
   :::::::::[ ]:__:__:__:__:__:__:__:__:__:__:__:__:__:[ ]:::::::::::
   !!!!!!!!![ ]!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!![ ]!!!!!!!!!!!
   ^^^^^^^^^[ ]^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^[ ]^^^^^^^^^^^
            [ ]                                        [ ]
            [ ]                                        [ ]
      jgs   [ ]                                        [ ]
    ~~^_~^~/   \~^-~^~ _~^-~_^~-^~_^~~-^~_~^~-~_~-^~_^/   \~^ ~~_ ^
>>> help

Commands:
  all-mail-visibility      choose not to list the All Mail folder in your local client
  bad-event                manage actions when bad event error occurs
  cert                     Manage the TLS certificate used by Bridge
  change                   change server or account settings (aliases: ch, switch)
  clear                    remove stored accounts and preferences. (alias: cl)
  credits                  print used resources.
  debug                    Debug diagnostics
  delete                   remove the account from keychain. Use index or account name as parameter. (aliases: del, rm, remove)
  exit                     exit the program
  help                     display help
  info                     print the configuration for account. Use index or account name as parameter. (alias: i)
  list                     print the list of accounts. (aliases: l, ls)
  log-dir                  print path to directory with logs. (aliases: log, logs)
  login                    login procedure to add or connect account. Optionally use index or account as parameter. (aliases: a, add, con, connect)
  logout                   disconnect the account. Use index or account name as parameter. (aliases: d, disconnect)
  manual                   print URL with instructions. (alias: man)
  proxy                    allow or disallow bridge to securely connect to proton via a third party when it is being blocked
  repair                   reload all accounts and cached data, re-download emails. Email clients remain connected. Logged out users will be repaired on next login. (aliases: rep)
  telemetry                choose whether usage diagnostics are collected or not
  updates                  manage bridge updates


>>> A new version (3.13.0) was installed.
>>> login
Username: ^C
Please fill username: ^C
Please fill username: ^D
Too many attempts
>>> ^D
EOF
l#                                                                                                                                   las1:/srv/storage/appstate# ls
REDACTED
las1:/srv/storage/appstate# cd protonmail-bridge
las1:/srv/storage/appstate/protonmail-bridge# ls
las1:/srv/storage/appstate/protonmail-bridge# ls -tla
total 89
drwx------  4 root root 12 Sep 29 16:19 .gnupg
drwx------  3 root root  4 Sep 29 16:19 .password-store
drwxr-xr-x  7 root root  7 Sep 29 16:19 .
drwx------  3 root root  3 Sep 29 16:19 .cache
drwx------  3 root root  3 Sep 29 16:19 .config
drwx------  3 root root  3 Sep 29 16:19 .local
drwxr-xr-x 16 root root 16 Sep 29 16:18 ..
las1:/srv/storage/appstate/protonmail-bridge# find .
.
./.cache
./.cache/protonmail
./.cache/protonmail/bridge-v3
./.cache/protonmail/bridge-v3/bridge-v3.lock
./.password-store
./.password-store/.gpg-id
./.password-store/docker-credential-helpers
./.password-store/docker-credential-helpers/cHJvdG9ubWFpbC9icmlkZ2UtdjMvdXNlcnMvYnJpZGdlLXZhdWx0LWtleQ==
./.password-store/docker-credential-helpers/cHJvdG9ubWFpbC9icmlkZ2UtdjMvdXNlcnMvYnJpZGdlLXZhdWx0LWtleQ==/bridge-vault-key.gpg
./.config
./.config/protonmail
./.config/protonmail/bridge-v3
./.config/protonmail/bridge-v3/vault.enc
./.config/protonmail/bridge-v3/grpcFocusServerConfig.json
./.gnupg
./.gnupg/random_seed
./.gnupg/S.gpg-agent.browser
./.gnupg/pubring.kbx
./.gnupg/S.gpg-agent
./.gnupg/trustdb.gpg
./.gnupg/pubring.kbx~
./.gnupg/private-keys-v1.d
./.gnupg/private-keys-v1.d/94AD8CAD54B74F20A0B79E36521F160470E319CA.key
./.gnupg/S.gpg-agent.ssh
./.gnupg/openpgp-revocs.d
./.gnupg/openpgp-revocs.d/9D0DA4C714FBC040E967479C135ABD961DF09616.rev
./.gnupg/S.gpg-agent.extra
./.local
./.local/share
./.local/share/protonmail
./.local/share/protonmail/bridge-v3
./.local/share/protonmail/bridge-v3/logs
./.local/share/protonmail/bridge-v3/logs/20240929_161912204_bri_000_v3.12.0_br-201.log
./.local/share/protonmail/bridge-v3/logs/20240929_161912204_lau_000_v3.12.0_br-201.log
./.local/share/protonmail/bridge-v3/gluon
./.local/share/protonmail/bridge-v3/gluon/backend
./.local/share/protonmail/bridge-v3/gluon/backend/store
./.local/share/protonmail/bridge-v3/gluon/backend/db
./.local/share/protonmail/bridge-v3/updates
./.local/share/protonmail/bridge-v3/updates/3.13.0
./.local/share/protonmail/bridge-v3/updates/3.13.0/proton-bridge.desktop
./.local/share/protonmail/bridge-v3/updates/3.13.0/Changelog.md
./.local/share/protonmail/bridge-v3/updates/3.13.0/bridge
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebChannel
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebChannel/plugins.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebChannel/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebChannel/libwebchannelplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebView
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebView/libqtwebviewquickplugin.so

... many lines redacted ...

./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtQuick/Controls/plugins.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtCore
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtCore/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtCore/plugins.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtCore/libqtqmlcoreplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/builtins.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/jsroot.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/ControlsDelegates
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/ControlsDelegates/AlertDialog.qml
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/ControlsDelegates/FilePicker.qml
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/ControlsDelegates/DirectoryPicker.qml
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/ControlsDelegates/ColorDialog.qml
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/ControlsDelegates/AuthenticationDialog.qml
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/ControlsDelegates/MenuItem.qml
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/ControlsDelegates/ToolTip.qml
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/ControlsDelegates/MenuSeparator.qml
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/ControlsDelegates/libqtwebenginequickdelegatesplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/ControlsDelegates/Menu.qml
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/ControlsDelegates/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/ControlsDelegates/WebEngineQuickDelegatesQml.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/ControlsDelegates/TouchSelectionMenu.qml
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/ControlsDelegates/PromptDialog.qml
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/ControlsDelegates/ConfirmDialog.qml
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/ControlsDelegates/AutofillPopup.qml
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/ControlsDelegates/TouchHandle.qml
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/plugins.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/libqtwebenginequickplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWebEngine/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtQml
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtQml/XmlListModel
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtQml/XmlListModel/plugins.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtQml/XmlListModel/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtQml/XmlListModel/libqmlxmllistmodelplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtQml/WorkerScript
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtQml/WorkerScript/libworkerscriptplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtQml/WorkerScript/plugins.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtQml/WorkerScript/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtQml/Models
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtQml/Models/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtQml/Models/libmodelsplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtQml/Models/plugins.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtQml/plugins.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtQml/libqmlplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtQml/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWayland
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWayland/Client
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWayland/Client/TextureSharing
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWayland/Client/TextureSharing/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtWayland/Client/TextureSharing/libwaylandtexturesharingplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/test
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/test/controls
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/test/controls/objects-RelWithDebInfo
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/test/controls/objects-RelWithDebInfo/QuickControlsTestUtilsPrivate_resources_1
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/test/controls/objects-RelWithDebInfo/QuickControlsTestUtilsPrivate_resources_1/.rcc
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/test/controls/objects-RelWithDebInfo/QuickControlsTestUtilsPrivate_resources_1/.rcc/qrc_qmake_Qt_test_controls.cpp.o
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/test/controls/QuickControlsTestUtilsPrivate.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/test/controls/libquickcontrolstestutilsprivateplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/test/controls/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/sharedimage
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/sharedimage/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/sharedimage/plugins.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/sharedimage/libsharedimageplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/animation
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/animation/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/animation/plugins.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/animation/liblabsanimationplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/platform
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/platform/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/platform/plugins.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/platform/libqtlabsplatformplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/qmlmodels
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/qmlmodels/plugins.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/qmlmodels/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/qmlmodels/liblabsmodelsplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/folderlistmodel
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/folderlistmodel/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/folderlistmodel/plugins.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/folderlistmodel/libqmlfolderlistmodelplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/settings
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/settings/libqmlsettingsplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/settings/plugins.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/settings/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/wavefrontmesh
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/wavefrontmesh/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/wavefrontmesh/libqmlwavefrontmeshplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/Qt/labs/wavefrontmesh/plugins.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtPositioning
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtPositioning/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtPositioning/libpositioningquickplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtPositioning/plugins.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtTest
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtTest/TestCase.qml
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtTest/testlogger.js
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtTest/qmldir
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtTest/SignalSpy.qml
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtTest/libquicktestplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/qml/QtTest/plugins.qmltypes
./.local/share/protonmail/bridge-v3/updates/3.13.0/.sum.sig
./.local/share/protonmail/bridge-v3/updates/3.13.0/include
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/gtest-test-part.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/gtest-typed-test.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/gtest-printers.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/gtest-message.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/gtest-death-test.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/gtest-param-test.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/gtest-assertion-result.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/gtest-spi.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/internal
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/internal/gtest-port-arch.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/internal/gtest-param-util.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/internal/gtest-internal.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/internal/gtest-type-util.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/internal/gtest-death-test-internal.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/internal/gtest-filepath.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/internal/gtest-port.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/internal/gtest-string.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/internal/custom
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/internal/custom/gtest-port.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/internal/custom/gtest-printers.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/internal/custom/gtest.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/internal/custom/README.md
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/gtest.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/gtest_prod.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/gtest-matchers.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gtest/gtest_pred_impl.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock/gmock-cardinalities.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock/gmock.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock/gmock-more-matchers.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock/gmock-more-actions.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock/gmock-actions.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock/internal
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock/internal/gmock-internal-utils.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock/internal/gmock-pp.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock/internal/custom
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock/internal/custom/gmock-port.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock/internal/custom/README.md
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock/internal/custom/gmock-generated-actions.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock/internal/custom/gmock-matchers.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock/internal/gmock-port.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock/gmock-nice-strict.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock/gmock-function-mocker.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock/gmock-matchers.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/include/gmock/gmock-spec-builders.h
./.local/share/protonmail/bridge-v3/updates/3.13.0/proton-bridge
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6WaylandClient.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6XcbQpa.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QuickControls2Impl.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6Xml.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libicudata.so.56
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6EglFsKmsSupport.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6Svg.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6Gui.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QmlCore.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libgtest_main.a
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QuickTemplates2.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QmlModels.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libicui18n.so.56
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libicudata.so.56.1
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6WlShellIntegration.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libicui18n.so.56.1
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6Qml.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QuickControls2.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6WaylandClient.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QmlCore.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6Qml.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/cmake
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/cmake/GTest
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/cmake/GTest/GTestConfig.cmake
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/cmake/GTest/GTestConfigVersion.cmake
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/cmake/GTest/GTestTargets-release.cmake
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/cmake/GTest/GTestTargets.cmake
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QuickWidgets.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QuickDialogs2.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QuickDialogs2Utils.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QmlWorkerScript.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6OpenGLWidgets.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6EglFSDeviceIntegration.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/pkgconfig
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/pkgconfig/gmock.pc
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/pkgconfig/gtest_main.pc
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/pkgconfig/gmock_main.pc
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/pkgconfig/gtest.pc
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6XcbQpa.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QuickWidgets.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QuickControls2Impl.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libgmock.a
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libicuuc.so.56
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6PrintSupport.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QuickDialogs2.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6Quick.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6Xml.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QuickDialogs2QuickImpl.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6Widgets.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QuickDialogs2QuickImpl.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QuickLayouts.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QuickDialogs2Utils.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6DBus.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6Sql.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6EglFSDeviceIntegration.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6Gui.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6WlShellIntegration.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6EglFsKmsSupport.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QmlModels.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libicuuc.so.56.1
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6DBus.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6Core.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QuickTemplates2.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6PrintSupport.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QuickLayouts.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6Core.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6WaylandEglClientHwIntegration.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QuickControls2.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6Quick.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6OpenGL.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6WaylandEglClientHwIntegration.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6Widgets.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libgtest.a
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6Network.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6OpenGL.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6QmlWorkerScript.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6OpenGLWidgets.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6Svg.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libgmock_main.a
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6Network.so.6
./.local/share/protonmail/bridge-v3/updates/3.13.0/lib/libQt6Sql.so.6.4.3
./.local/share/protonmail/bridge-v3/updates/3.13.0/LICENSE
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/printsupport
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/printsupport/libcupsprintersupport.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/wayland-decoration-client
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/wayland-decoration-client/libbradient.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/imageformats
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/imageformats/libqico.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/imageformats/libqsvg.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/imageformats/libqjpeg.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/imageformats/libqgif.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/iconengines
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/iconengines/libqsvgicon.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/qmltooling
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/qmltooling/libqmldbg_inspector.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/qmltooling/libqmldbg_local.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/qmltooling/libqmldbg_preview.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/qmltooling/libqmldbg_quickprofiler.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/qmltooling/libqmldbg_server.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/qmltooling/libqmldbg_profiler.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/qmltooling/libqmldbg_tcp.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/qmltooling/libqmldbg_native.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/qmltooling/libqmldbg_debugger.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/qmltooling/libqmldbg_nativedebugger.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/qmltooling/libqmldbg_messages.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/qmllint
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/qmllint/libquicklintplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/designer
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/designer/libqquickwidget.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/designer/libqwebengineview.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/egldeviceintegrations
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/egldeviceintegrations/libqeglfs-kms-egldevice-integration.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/egldeviceintegrations/libqeglfs-emu-integration.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/egldeviceintegrations/libqeglfs-x11-integration.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/xcbglintegrations
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/xcbglintegrations/libqxcb-egl-integration.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/xcbglintegrations/libqxcb-glx-integration.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/webview
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/webview/libqtwebview_webengine.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/networkinformation
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/networkinformation/libqnetworkmanager.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/networkinformation/libqglib.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/platformthemes
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/platformthemes/libqgtk3.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/platformthemes/libqxdgdesktopportal.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/wayland-shell-integration
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/wayland-shell-integration/libivi-shell.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/wayland-shell-integration/libqt-shell.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/wayland-shell-integration/libxdg-shell.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/wayland-shell-integration/libwl-shell-plugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/wayland-shell-integration/libfullscreen-shell-v1.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/tls
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/tls/libqcertonlybackend.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/tls/libqopensslbackend.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/sqldrivers
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/sqldrivers/libqsqlmysql.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/sqldrivers/libqsqlodbc.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/sqldrivers/libqsqlpsql.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/sqldrivers/libqsqlite.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/platforminputcontexts
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/platforminputcontexts/libibusplatforminputcontextplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/platforminputcontexts/libcomposeplatforminputcontextplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/platforms
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/platforms/libqxcb.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/platforms/libqvnc.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/platforms/libqlinuxfb.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/platforms/libqwayland-egl.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/platforms/libqminimal.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/platforms/libqwayland-generic.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/platforms/libqminimalegl.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/platforms/libqeglfs.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/platforms/libqoffscreen.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/platforms/libqvkkhrdisplay.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/wayland-graphics-integration-client
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/wayland-graphics-integration-client/libvulkan-server.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/wayland-graphics-integration-client/libqt-plugin-wayland-egl.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/wayland-graphics-integration-client/libshm-emulation-server.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/wayland-graphics-integration-client/libdrm-egl-server.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/wayland-graphics-integration-client/libdmabuf-server.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/position
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/position/libqtposition_geoclue2.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/position/libqtposition_nmea.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/position/libqtposition_positionpoll.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/generic
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/generic/libqevdevkeyboardplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/generic/libqtuiotouchplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/generic/libqevdevmouseplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/generic/libqevdevtouchplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/plugins/generic/libqevdevtabletplugin.so
./.local/share/protonmail/bridge-v3/updates/3.13.0/logo.svg
./.local/share/protonmail/bridge-v3/updates/3.13.0/.sum
./.local/share/protonmail/bridge-v3/updates/3.13.0/bridge-gui
las1:/srv/storage/appstate/protonmail-bridge#

This allows an attacker in control of the update download server to replace the update executable that is downloaded, and steal or exfiltrate keys and mail.

Such nonconsensual automated remote code execution (the fact that it is called "autoupdate" is irrelevant) is inappropriate in software implementing end to end encryption. If the not-end can cause the end to give up its keys or plaintext at any time via a software update, then the end to end encryption is simply farce.
@sneak
Copy link
Author

sneak commented Sep 29, 2024

It looks like this vulnerability is caused by the autoupdate functionality in the bridge. This should be patched out or disabled in the container build process so that the container's integrity is preserved.

@sneak
Copy link
Author

sneak commented Sep 29, 2024

Reported upstream as well:

ProtonMail/proton-bridge#494

Given their zeal for co-opting users' machines for their own purposes, I assume this will need to be patched out in the container and won't get fixed upstream.

@MichaByte
Copy link

I know this is a stale issue, but:

anyone with control of the remote server

So, just Proton (or a hacker that is extremely deep into Proton's infra, in which case every Proton user is screwed anyways)

this software downloads new code from the server

Yes, that's called "autoupdate", it's a feature when implemented correctly.

the fact that it is called "autoupdate" is irrelevant

No, it's very relevant. Autoupdate != RCE because RCE means the attacker gets some level of choice in the code that is executed. I wouldn't call this an RCE vulnerability because the attacker would need some level of access to the host machine of the container, or at the very least the container itself (in which case the data is already compromised since it is Proton Bridge caches it IIRC)

Outside of the technical arguments, I don't know what you're hoping to accomplish by spreading FUD. Please reconsider who you are actually helping (no one) and what you could do to be truly helpful. This type of pithy, fear-mongering "bug report" is detrimental to the maintainer of this project, Proton, and the privacy community at large. Stop wasting people's time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sneak @MichaByte