Lucene search

Veracode Vulnerability DatabaseVERACODE:47442

HistoryJun 10, 2024 - 7:23 a.m.

Authentication Bypass / Remote Code Execution (RCE)

2024-06-1007:23:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

dtale

authentication bypass

remote code execution

flask configuration

session cookie

improper input validation

hardcoded secret_key

custom filter queries

update-settings endpoint

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

dtale is vulnerable to Authentication Bypass / Remote Code Execution (RCE). The vulnerability is due to improper input validation and the presence of a hardcoded SECRET_KEY in the Flask configuration, allowing attackers to forge a session cookie. Additionally, there is improper validation of custom filter queries, which allows an attacker to execute arbitrary code through the /update-settings endpoint.

CPENameOperatorVersion
dtalele3.12.0
dtalele3.12.0

CPE	Name	Operator	Version
	dtale	le	3.12.0
	dtale	le	3.12.0

References

github.com/advisories/GHSA-v9q6-fm48-rx74

github.com/man-group/dtale/blob/57faae453902eb8952134e98581c7ea6e060ee1d/dtale/app.py#L323

huntr.com/bounties/57a06666-ff85-4577-af19-f3dfb7b02f91

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VERACODE:47442