CVE-2024-24565

30.01.2024, 17:15

CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage. This vulnerability is patched in 5.3.9, 5.4.8, 5.5.4, and 5.6.1.

Path Traversal

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.7 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
GitHub_M	CNA	5.7 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
cratedb	cratedb	𝑥 < 5.3.9
cratedb	cratedb	5.4.0 ≤ 𝑥 < 5.4.8
cratedb	cratedb	5.5.0 ≤ 𝑥 < 5.5.4
cratedb	cratedb	5.6.0 ≤ 𝑥 < 5.6.1

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://github.com/crate/crate/commit/4e857d675683095945dd524d6ba03e692c70ecd6

https://github.com/crate/crate/security/advisories/GHSA-475g-vj6c-xf96

https://github.com/crate/crate/commit/4e857d675683095945dd524d6ba03e692c70ecd6

https://github.com/crate/crate/security/advisories/GHSA-475g-vj6c-xf96