Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-26273
HistoryDec 16, 2020 - 2:15 a.m.

CVE-2020-26273

2020-12-1602:15:13
CWE-77
[email protected]
web.nvd.nist.gov
34
2
osquery
cve-2020-26273
sql
instrumentation
monitoring
analytics
sqlite
attach verb
security vulnerability
patch
deployment
administration
non-root user

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

5.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. In osquery before version 4.6.0, by using sqlite’s ATTACH verb, someone with administrative access to osquery can cause reads and writes to arbitrary sqlite databases on disk. This does allow arbitrary files to be created, but they will be sqlite databases. It does not appear to allow existing non-sqlite files to be overwritten. This has been patched in osquery 4.6.0. There are several mitigating factors and possible workarounds. In some deployments, the people with access to these interfaces may be considered administrators. In some deployments, configuration is managed by a central tool. This tool can filter for the ATTACH keyword. osquery can be run as non-root user. Because this also limits the desired access levels, this requires deployment specific testing and configuration.

Affected configurations

Vulners
NVD
Node
osqueryosqueryRange<4.6.0

CNA Affected

[
  {
    "product": "osquery",
    "vendor": "osquery",
    "versions": [
      {
        "status": "affected",
        "version": "< 4.6.0"
      }
    ]
  }
]

Social References

More

Related

osv 1
cvelist 1
nvd 1
prion 1
osv
osv
CVE-2020-26273
2020-12-16 02:15:13
cvelist
cvelist
CVE-2020-26273 sqlite ATTACH allows some filesystem access
2020-12-16 01:20:19
nvd
nvd
CVE-2020-26273
2020-12-16 02:15:13
prion
prion
Design/Logic Flaw
2020-12-16 02:15:00

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

5.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON
Related for CVE-2020-26273
osv1cvelist1nvd1prion1