Lucene search

GoogleOSV:GHSA-R847-6W6H-R8G4

HistoryOct 27, 2023 - 5:39 p.m.

Flyte Admin SQL Injection in List Filters

2023-10-2717:39:08

Google

osv.dev

flyte admin

sql injection

list filters

rest requests

custom sql statements

access control

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.7%

JSON

Impact

List endpoints on Flyte Admin has a SQL vulnerability where a malicious user can send a REST requests with custom SQL statements as list filters.

Workarounds

The attacker needs to have access to the flyteadmin installation (typically either behind a VPN or authentication).

References

https://owasp.org/www-community/attacks/SQL_Injection#

CPENameOperatorVersion
github.com/flyteorg/flyteadminlt1.1.124

CPE	Name	Operator	Version
	github.com/flyteorg/flyteadmin	lt	1.1.124

References

github.com/flyteorg/flyteadmin

github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd

github.com/flyteorg/flyteadmin/security/advisories/GHSA-r847-6w6h-r8g4

nvd.nist.gov/vuln/detail/CVE-2023-41891

owasp.org/www-community/attacks/SQL_Injection#

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.7%

JSON

Related for OSV:GHSA-R847-6W6H-R8G4