CVSS 3.1 metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector string | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
AI Score confidence | High |
EPSS percentile | 15.9% |
A time-based/boolean-based SQL injection is present in the resource /api/applicationResources via the parameter packageID.
As can be seen in the referenced source file (id_view.go), the SQL query is built with the fmt.Sprintf function, and the packageID input is interpolated into the query string without first being subjected to any validation.
The following command should be able to trigger a basic version of the behavior (a single quote appended to the packageID value):

```shell
curl -i -s -k -X $'GET' \
  -H $'Host: kubeclarity.test' \
  $'https://kubeclarity.test/api/applicationResources?page=1&pageSize=50&sortKey=vulnerabilities&sortDir=DESC&packageID=c89973a6-4e7f-50b5-afe2-6bf6f4d3da0a\''
```
While using the Helm chart, the impact of this vulnerability is limited since it allows read access only to the KubeClarity database, to which access is already given as far as I understand to regular users anyway.
On the other hand, if KubeClarity is deployed in a less secure way, this might allow access to more data than allowed or expected (beyond the limits of the KubeClarity database). The vulnerable line was introduced as part of the initial commit of KubeClarity, so all versions up until the latest (2.23.1) are assumed vulnerable.
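The fmt.Sprintf pattern described above, shown next to its parameterized replacement, as an added illustration that is not KubeClarity's own code: the table and column names (id_view, package_id) and the UUID format check are assumptions for the example, not taken from the project.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// Vulnerable pattern: the caller-controlled packageID is spliced into the SQL
// text with fmt.Sprintf, so a quote in the value changes the statement itself.
// Table and column names here are hypothetical.
func buildQueryUnsafe(packageID string) string {
	return fmt.Sprintf("SELECT * FROM id_view WHERE package_id = '%s'", packageID)
}

// Hardened pattern: the SQL text is constant and carries a placeholder; the value
// is passed to the driver as a bound argument and is never parsed as SQL.
func buildQuerySafe(packageID string) (string, []any) {
	return "SELECT * FROM id_view WHERE package_id = ?", []any{packageID}
}

// Defence in depth: packageID in this API looks like a UUID, so reject anything
// else before it reaches the database layer (assumed format, not project code).
var uuidRE = regexp.MustCompile(`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`)

func validatePackageID(packageID string) error {
	if !uuidRE.MatchString(packageID) {
		return errors.New("packageID is not a UUID")
	}
	return nil
}

func main() {
	id := "c89973a6-4e7f-50b5-afe2-6bf6f4d3da0a" // value from the advisory's request
	fmt.Println(buildQueryUnsafe(id + "'")) // statement structure altered by the quote
	q, args := buildQuerySafe(id + "'")
	fmt.Println(q, args) // SQL text unchanged; the quote stays inside the argument
	fmt.Println(validatePackageID(id), validatePackageID(id+"'"))
}
```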
Vendor | Product | Version | CPE |
---|---|---|---|
openclarity | kubeclarity | * | cpe:2.3:a:openclarity:kubeclarity:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-5248-h45p-9pgw
github.com/openclarity/kubeclarity/blob/main/backend/pkg/database/id_view.go#L79
github.com/openclarity/kubeclarity/commit/1d1178840703a72d9082b7fc4aea0a3326c5d294
github.com/openclarity/kubeclarity/security/advisories/GHSA-5248-h45p-9pgw
nvd.nist.gov/vuln/detail/CVE-2024-39909