CVE-2024-34693

Apache Superset: Server arbitrary file read

Severity Score

6.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table.This issue affects Apache Superset: before 3.1.3 and version 4.0.0

Users are recommended to upgrade to version 4.0.1 or 3.1.3, which fixes the issue.

Vulnerabilidad de validación de entrada incorrecta en Apache Superset, permite que un atacante autenticado cree una conexión MariaDB con local_infile habilitado. Si tanto el servidor MariaDB (desactivado de forma predeterminada) como el cliente MySQL local en el servidor web están configurados para permitir el archivo local, es posible que el atacante ejecute un comando SQL MySQL/MariaDB específico que pueda leer archivos del servidor e inserte su contenido en una tabla de base de datos MariaDB. Este problema afecta a Apache Superset: antes de 3.1.3 y versión 4.0.0. Se recomienda a los usuarios actualizar a la versión 4.0.1 o 3.1.3, que soluciona el problema.

*Credits: Matei "Mal" Badanoiu, Daniel Vaz Gaspar

CVSS Scores

Apachev3.1 6.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-07 CVE Reserved
2024-06-20 CVE Published
2024-06-21 EPSS Updated
2024-07-27 First Exploit
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (5)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2024/06/20/1

URL	Date	SRC
https://github.com/mbadanoiu/CVE-2024-34693	2024-07-27
https://github.com/labc-dev/CVE-2024-34693	2024-07-29
https://github.com/Mr-r00t11/CVE-2024-34693	2024-07-30

URL	Date	SRC

URL	Date	SRC
https://lists.apache.org/thread/1803x1s34m7r71h1k0q1njol8k6fmyon	2024-06-20

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Software Foundation Search vendor "Apache Software Foundation"		Apache Superset Search vendor "Apache Software Foundation" for product "Apache Superset"				< 3.1.3 Search vendor "Apache Software Foundation" for product "Apache Superset" and version " < 3.1.3"		en		Affected
Apache Software Foundation Search vendor "Apache Software Foundation"		Apache Superset Search vendor "Apache Software Foundation" for product "Apache Superset"				>= 4.0.0 < 4.0.1 Search vendor "Apache Software Foundation" for product "Apache Superset" and version " >= 4.0.0 < 4.0.1"		en		Affected