CVE-2023-37924

22.11.2023, 10:15

Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login.
Now we have fixed this issue and now user must have the correct login to access workbench.
This issue affects Apache Submarine: from 0.7.0 before 0.8.0.We recommend that all submarine users with 0.7.0 upgrade to 0.8.0, which not only fixes the issue, supports the oidc authentication mode, but also removes the case of unauthenticated logins.
If using the version lower than 0.8.0 and not want to upgrade, you can try cherry-pick PR https://github.com/apache/submarine/pull/1037 https://github.com/apache/submarine/pull/1054 and rebuild the submarine-server image to fix this.

SQL Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
apache	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 98%

Vendor	Product	Version
apache	submarine	0.7.0 ≤ 𝑥 < 0.8.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References

https://github.com/apache/submarine/pull/1037

https://issues.apache.org/jira/browse/SUBMARINE-1361

https://lists.apache.org/thread/g99h773vd49n1wyghdq1llv2f83w1b3r

https://github.com/apache/submarine/pull/1037

https://issues.apache.org/jira/browse/SUBMARINE-1361

https://lists.apache.org/thread/g99h773vd49n1wyghdq1llv2f83w1b3r