CVE-2023-41891 - OpenCVE

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Flyte	Flyteadmin

Configuration 1 [-]

cpe:2.3:a:flyte:flyteadmin:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd	Patch Third Party Advisory
https://github.com/flyteorg/flyteadmin/security/advisories/GHSA-r847-6w6h-r8g4	Third Party Advisory
https://owasp.org/www-community/attacks/SQL_Injection#	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-10-30T18:01:17.453Z

Updated: 2023-10-30T18:01:17.453Z

Reserved: 2023-09-04T16:31:48.225Z

Link: CVE-2023-41891

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-30T19:15:07.883

Modified: 2023-11-07T23:26:21.683

Link: CVE-2023-41891

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-41891", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-09-04T16:31:48.225Z", "datePublished": "2023-10-30T18:01:17.453Z", "dateUpdated": "2023-10-30T18:01:17.453Z"}, "containers": {"cna": {"title": "FlyteAdmin SQL Injection in List Filters", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/flyteorg/flyteadmin/security/advisories/GHSA-r847-6w6h-r8g4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/flyteorg/flyteadmin/security/advisories/GHSA-r847-6w6h-r8g4"}, {"name": "https://github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd", "tags": ["x_refsource_MISC"], "url": "https://github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd"}, {"name": "https://owasp.org/www-community/attacks/SQL_Injection#", "tags": ["x_refsource_MISC"], "url": "https://owasp.org/www-community/attacks/SQL_Injection#"}], "affected": [{"vendor": "flyteorg", "product": "flyteadmin", "versions": [{"version": "< 1.1.124", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-30T18:01:17.453Z"}, "descriptions": [{"lang": "en", "value": "FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue."}], "source": {"advisory": "GHSA-r847-6w6h-r8g4", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flyte:flyteadmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CB20F8F-3916-4352-95AE-447581F07EFC", "versionEndExcluding": "1.1.124", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue."}, {"lang": "es", "value": "FlyteAdmin es el plano de control de Flyte responsable de gestionar entidades y administrar ejecuciones de flujo de trabajo. Antes de la versi\u00f3n 1.1.124, los endpoints de lista en FlyteAdmin ten\u00edan una vulnerabilidad SQL donde un usuario malintencionado pod\u00eda enviar una solicitud REST con declaraciones SQL personalizadas como filtros de lista. El atacante debe tener acceso a la instalaci\u00f3n de FlyteAdmin, normalmente mediante una VPN o mediante autenticaci\u00f3n. La versi\u00f3n 1.1.124 contiene un parche para este problema."}], "id": "CVE-2023-41891", "lastModified": "2023-11-07T23:26:21.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-10-30T19:15:07.883", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/flyteorg/flyteadmin/security/advisories/GHSA-r847-6w6h-r8g4"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://owasp.org/www-community/attacks/SQL_Injection#"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Primary"}]}