CVE-2023-29195 - OpenCVE

Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Linuxfoundation	Vitess

Configuration 1 [-]

cpe:2.3:a:linuxfoundation:vitess:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920	Patch
https://github.com/vitessio/vitess/issues/12842	Exploit Issue Tracking Patch
https://github.com/vitessio/vitess/pull/12843	Issue Tracking Patch
https://github.com/vitessio/vitess/releases/tag/v16.0.2	Release Notes
https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w	Mitigation Vendor Advisory
https://pkg.go.dev/vitess.io/vitess@v0.16.2	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-05-11T19:07:39.530Z

Updated: 2023-05-11T19:07:39.530Z

Reserved: 2023-04-03T13:37:18.453Z

Link: CVE-2023-29195

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-05-11T20:15:09.403

Modified: 2023-05-22T18:15:32.553

Link: CVE-2023-29195

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-29195", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-04-03T13:37:18.453Z", "datePublished": "2023-05-11T19:07:39.530Z", "dateUpdated": "2023-05-11T19:07:39.530Z"}, "containers": {"cna": {"title": "Vitess VTAdmin users that can create shards can deny access to other functions", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-703", "lang": "en", "description": "CWE-703: Improper Check or Handling of Exceptional Conditions", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w"}, {"name": "https://github.com/vitessio/vitess/issues/12842", "tags": ["x_refsource_MISC"], "url": "https://github.com/vitessio/vitess/issues/12842"}, {"name": "https://github.com/vitessio/vitess/pull/12843", "tags": ["x_refsource_MISC"], "url": "https://github.com/vitessio/vitess/pull/12843"}, {"name": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920", "tags": ["x_refsource_MISC"], "url": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920"}, {"name": "https://github.com/vitessio/vitess/releases/tag/v16.0.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/vitessio/vitess/releases/tag/v16.0.2"}, {"name": "https://pkg.go.dev/vitess.io/vitess@v0.16.2", "tags": ["x_refsource_MISC"], "url": "https://pkg.go.dev/vitess.io/vitess@v0.16.2"}], "affected": [{"vendor": "vitessio", "product": "vitess", "versions": [{"version": "< 16.0.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-05-11T19:07:39.530Z"}, "descriptions": [{"lang": "en", "value": "Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server."}], "source": {"advisory": "GHSA-pqj7-jx24-wj7w", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:vitess:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DA4AFFF-C602-4288-9D50-AE0D4AEF1E97", "versionEndExcluding": "16.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server."}], "id": "CVE-2023-29195", "lastModified": "2023-05-22T18:15:32.553", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-05-11T20:15:09.403", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://github.com/vitessio/vitess/issues/12842"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/vitessio/vitess/pull/12843"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/vitessio/vitess/releases/tag/v16.0.2"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://pkg.go.dev/vitess.io/vitess@v0.16.2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-703"}], "source": "security-advisories@github.com", "type": "Secondary"}]}