Lucene search

Veracode Vulnerability DatabaseVERACODE:44058

HistoryOct 30, 2023 - 9:15 a.m.

SQL Injection

2023-10-3009:15:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

sql injection

github.com/flyteorg/flyteadmin

vulnerability

custom sql statements

arbitrary sql queries

software

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.7%

JSON

github.com/flyteorg/flyteadmin is vulnerable to SQL Injection. The vulnerability exists because the custom sql statements are not properly handled which allows an attacker to inject and execute arbitrary sql queries.

CPENameOperatorVersion
github.com/flyteorg/flyteadminlev1.1.123
github.com/flyteorg/flyteadminlev1.1.123

CPE	Name	Operator	Version
	github.com/flyteorg/flyteadmin	le	v1.1.123
	github.com/flyteorg/flyteadmin	le	v1.1.123

References

github.com/advisories/GHSA-r847-6w6h-r8g4

github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd

github.com/flyteorg/flyteadmin/security/advisories/GHSA-r847-6w6h-r8g4

owasp.org/www-community/attacks/SQL_Injection#

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.7%

JSON

Related for VERACODE:44058