CVE-2023-33972 - Vulnerability Details - OpenCVE

Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00165.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Scylladb	Scylladb

Configuration 1 [-]

cpe:2.3:a:scylladb:scylladb:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-38098	Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq

History

Mon, 23 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-09-27T18:15:18.162Z

Updated: 2024-09-23T19:08:40.769Z

Reserved: 2023-05-24T13:46:35.954Z

Link: CVE-2023-33972

Vulnrichment

Updated: 2024-08-02T15:54:14.148Z

NVD

Status : Modified

Published: 2023-09-27T19:15:11.497

Modified: 2024-11-21T08:06:19.417

Link: CVE-2023-33972

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-33972", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-05-24T13:46:35.954Z", "datePublished": "2023-09-27T18:15:18.162Z", "dateUpdated": "2024-09-23T19:08:40.769Z"}, "containers": {"cna": {"title": "Privilege escalation from having CREATE access on a keyspace in Scylladb", "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "lang": "en", "description": "CWE-269: Improper Privilege Management", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq"}], "affected": [{"vendor": "scylladb", "product": "scylladb", "versions": [{"version": "<= 5.2.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-09-27T18:16:04.248Z"}, "descriptions": [{"lang": "en", "value": "Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users."}], "source": {"advisory": "GHSA-ww5v-p45p-3vhq", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:54:14.148Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq"}]}, {"affected": [{"vendor": "scylladb", "product": "scylladb", "cpes": ["cpe:2.3:a:scylladb:scylladb:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.2.8", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-23T18:53:24.827482Z", "id": "CVE-2023-33972", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T19:08:40.769Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq", "name": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:54:14.148Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-33972", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-23T18:53:24.827482Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:scylladb:scylladb:*:*:*:*:*:*:*:*"], "vendor": "scylladb", "product": "scylladb", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.2.8"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T19:08:35.633Z"}}], "cna": {"title": "Privilege escalation from having CREATE access on a keyspace in Scylladb", "source": {"advisory": "GHSA-ww5v-p45p-3vhq", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "scylladb", "product": "scylladb", "versions": [{"status": "affected", "version": "<= 5.2.8"}]}], "references": [{"url": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq", "name": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-09-27T18:16:04.248Z"}}}, "cveMetadata": {"cveId": "CVE-2023-33972", "state": "PUBLISHED", "dateUpdated": "2024-09-23T19:08:40.769Z", "dateReserved": "2023-05-24T13:46:35.954Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-09-27T18:15:18.162Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:scylladb:scylladb:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8162FB5-E6C6-4E6E-AEE2-7A61A2375710", "versionEndIncluding": "5.2.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users."}, {"lang": "es", "value": "Scylladb es un almac\u00e9n de datos NoSQL que utiliza el marco seastar, compatible con Apache Cassandra. Los usuarios autenticados que est\u00e1n autorizados a crear tablas en un espacio de claves pueden escalar sus privilegios para acceder a una tabla en el mismo espacio de claves, incluso si no tienen permisos para esa tabla. Este problema a\u00fan no se ha solucionado. Un workaround para solucionar este problema es deshabilitar los privilegios CREATE en un espacio de claves y crear nuevas tablas en nombre de otros usuarios."}], "id": "CVE-2023-33972", "lastModified": "2024-11-21T08:06:19.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-27T19:15:11.497", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}