CVE-2023-33972 - OpenCVE

Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Scylladb	Scylladb

Configuration 1 [-]

cpe:2.3:a:scylladb:scylladb:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq

History

Mon, 23 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-09-27T18:15:18.162Z

Updated: 2024-09-23T19:08:40.769Z

Reserved: 2023-05-24T13:46:35.954Z

Link: CVE-2023-33972

Vulnrichment

Updated: 2024-08-02T15:54:14.148Z

NVD

Status : Analyzed

Published: 2023-09-27T19:15:11.497

Modified: 2023-10-02T18:51:05.283

Link: CVE-2023-33972

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-33972", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-05-24T13:46:35.954Z", "datePublished": "2023-09-27T18:15:18.162Z", "dateUpdated": "2024-09-23T19:08:40.769Z"}, "containers": {"cna": {"title": "Privilege escalation from having CREATE access on a keyspace in Scylladb", "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "lang": "en", "description": "CWE-269: Improper Privilege Management", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq"}], "affected": [{"vendor": "scylladb", "product": "scylladb", "versions": [{"version": "<= 5.2.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-09-27T18:16:04.248Z"}, "descriptions": [{"lang": "en", "value": "Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users."}], "source": {"advisory": "GHSA-ww5v-p45p-3vhq", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:54:14.148Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq"}]}, {"affected": [{"vendor": "scylladb", "product": "scylladb", "cpes": ["cpe:2.3:a:scylladb:scylladb:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.2.8", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-23T18:53:24.827482Z", "id": "CVE-2023-33972", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T19:08:40.769Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq", "name": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:54:14.148Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-33972", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-23T18:53:24.827482Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:scylladb:scylladb:*:*:*:*:*:*:*:*"], "vendor": "scylladb", "product": "scylladb", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.2.8"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T19:08:35.633Z"}}], "cna": {"title": "Privilege escalation from having CREATE access on a keyspace in Scylladb", "source": {"advisory": "GHSA-ww5v-p45p-3vhq", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "scylladb", "product": "scylladb", "versions": [{"status": "affected", "version": "<= 5.2.8"}]}], "references": [{"url": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq", "name": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-09-27T18:16:04.248Z"}}}, "cveMetadata": {"cveId": "CVE-2023-33972", "state": "PUBLISHED", "dateUpdated": "2024-09-23T19:08:40.769Z", "dateReserved": "2023-05-24T13:46:35.954Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-09-27T18:15:18.162Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:scylladb:scylladb:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8162FB5-E6C6-4E6E-AEE2-7A61A2375710", "versionEndIncluding": "5.2.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users."}, {"lang": "es", "value": "Scylladb es un almac\u00e9n de datos NoSQL que utiliza el marco seastar, compatible con Apache Cassandra. Los usuarios autenticados que est\u00e1n autorizados a crear tablas en un espacio de claves pueden escalar sus privilegios para acceder a una tabla en el mismo espacio de claves, incluso si no tienen permisos para esa tabla. Este problema a\u00fan no se ha solucionado. Un workaround para solucionar este problema es deshabilitar los privilegios CREATE en un espacio de claves y crear nuevas tablas en nombre de otros usuarios."}], "id": "CVE-2023-33972", "lastModified": "2023-10-02T18:51:05.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-09-27T19:15:11.497", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "security-advisories@github.com", "type": "Secondary"}]}