CVE-2023-36467 - OpenCVE

AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue can only be triggered by authenticated users. A fix for this issue is available in data.all version 1.5.2 and later. There is no recommended work around.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Amazon	Aws-dataall

Configuration 1 [-]

cpe:2.3:a:amazon:aws-dataall:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/awslabs/aws-dataall/pull/472
https://github.com/awslabs/aws-dataall/releases/tag/v1.5.2
https://github.com/awslabs/aws-dataall/releases/tag/v1.5.4
https://github.com/awslabs/aws-dataall/security/advisories/GHSA-m922-chh7-8qcr

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-06-28T13:55:06.163Z

Updated: 2024-08-02T16:45:57.043Z

Reserved: 2023-06-21T18:50:41.700Z

Link: CVE-2023-36467

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-06-28T14:15:09.967

Modified: 2023-07-07T17:18:53.227

Link: CVE-2023-36467

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36467", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-06-21T18:50:41.700Z", "datePublished": "2023-06-28T13:55:06.163Z", "dateUpdated": "2024-08-02T16:45:57.043Z"}, "containers": {"cna": {"title": "AWS data.all vulnerable to RCE through user injection of Python Commands", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/awslabs/aws-dataall/security/advisories/GHSA-m922-chh7-8qcr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/awslabs/aws-dataall/security/advisories/GHSA-m922-chh7-8qcr"}, {"name": "https://github.com/awslabs/aws-dataall/pull/472", "tags": ["x_refsource_MISC"], "url": "https://github.com/awslabs/aws-dataall/pull/472"}, {"name": "https://github.com/awslabs/aws-dataall/releases/tag/v1.5.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/awslabs/aws-dataall/releases/tag/v1.5.2"}, {"name": "https://github.com/awslabs/aws-dataall/releases/tag/v1.5.4", "tags": ["x_refsource_MISC"], "url": "https://github.com/awslabs/aws-dataall/releases/tag/v1.5.4"}], "affected": [{"vendor": "awslabs", "product": "aws-dataall", "versions": [{"version": ">= 1.2.0, < 1.5.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-06-28T13:55:06.163Z"}, "descriptions": [{"lang": "en", "value": "AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the \u2018Template\u2019 field when configuring a data pipeline. The issue can only be triggered by authenticated users. A fix for this issue is available in data.all version 1.5.2 and later. There is no recommended work around."}], "source": {"advisory": "GHSA-m922-chh7-8qcr", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:45:57.043Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/awslabs/aws-dataall/security/advisories/GHSA-m922-chh7-8qcr", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/awslabs/aws-dataall/security/advisories/GHSA-m922-chh7-8qcr"}, {"name": "https://github.com/awslabs/aws-dataall/pull/472", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/awslabs/aws-dataall/pull/472"}, {"name": "https://github.com/awslabs/aws-dataall/releases/tag/v1.5.2", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/awslabs/aws-dataall/releases/tag/v1.5.2"}, {"name": "https://github.com/awslabs/aws-dataall/releases/tag/v1.5.4", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/awslabs/aws-dataall/releases/tag/v1.5.4"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:amazon:aws-dataall:*:*:*:*:*:*:*:*", "matchCriteriaId": "0529A7FE-376D-4C9A-BFEF-739038CAEA30", "versionEndIncluding": "1.5.1", "versionStartIncluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the \u2018Template\u2019 field when configuring a data pipeline. The issue can only be triggered by authenticated users. A fix for this issue is available in data.all version 1.5.2 and later. There is no recommended work around."}], "id": "CVE-2023-36467", "lastModified": "2023-07-07T17:18:53.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-06-28T14:15:09.967", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/awslabs/aws-dataall/pull/472"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/awslabs/aws-dataall/releases/tag/v1.5.2"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/awslabs/aws-dataall/releases/tag/v1.5.4"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/awslabs/aws-dataall/security/advisories/GHSA-m922-chh7-8qcr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Primary"}]}