CVE-2023-41891 - OpenCVE

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Flyte	Flyteadmin

Configuration 1 [-]

cpe:2.3:a:flyte:flyteadmin:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd
https://github.com/flyteorg/flyteadmin/security/advisories/GHSA-r847-6w6h-r8g4
https://owasp.org/www-community/attacks/SQL_Injection#

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-10-30T18:01:17.453Z

Updated: 2024-09-06T18:17:36.935Z

Reserved: 2023-09-04T16:31:48.225Z

Link: CVE-2023-41891

Vulnrichment

Updated: 2024-08-02T19:09:49.215Z

NVD

Status : Analyzed

Published: 2023-10-30T19:15:07.883

Modified: 2023-11-07T23:26:21.683

Link: CVE-2023-41891

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41891", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-09-04T16:31:48.225Z", "datePublished": "2023-10-30T18:01:17.453Z", "dateUpdated": "2024-09-06T18:17:36.935Z"}, "containers": {"cna": {"title": "FlyteAdmin SQL Injection in List Filters", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/flyteorg/flyteadmin/security/advisories/GHSA-r847-6w6h-r8g4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/flyteorg/flyteadmin/security/advisories/GHSA-r847-6w6h-r8g4"}, {"name": "https://github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd", "tags": ["x_refsource_MISC"], "url": "https://github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd"}, {"name": "https://owasp.org/www-community/attacks/SQL_Injection#", "tags": ["x_refsource_MISC"], "url": "https://owasp.org/www-community/attacks/SQL_Injection#"}], "affected": [{"vendor": "flyteorg", "product": "flyteadmin", "versions": [{"version": "< 1.1.124", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-30T18:01:17.453Z"}, "descriptions": [{"lang": "en", "value": "FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue."}], "source": {"advisory": "GHSA-r847-6w6h-r8g4", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:09:49.215Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/flyteorg/flyteadmin/security/advisories/GHSA-r847-6w6h-r8g4", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/flyteorg/flyteadmin/security/advisories/GHSA-r847-6w6h-r8g4"}, {"name": "https://github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd"}, {"name": "https://owasp.org/www-community/attacks/SQL_Injection#", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://owasp.org/www-community/attacks/SQL_Injection#"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-06T18:17:06.367889Z", "id": "CVE-2023-41891", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T18:17:36.935Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/flyteorg/flyteadmin/security/advisories/GHSA-r847-6w6h-r8g4", "name": "https://github.com/flyteorg/flyteadmin/security/advisories/GHSA-r847-6w6h-r8g4", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd", "name": "https://github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://owasp.org/www-community/attacks/SQL_Injection#", "name": "https://owasp.org/www-community/attacks/SQL_Injection#", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:09:49.215Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41891", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-06T18:17:06.367889Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T18:17:27.459Z"}}], "cna": {"title": "FlyteAdmin SQL Injection in List Filters", "source": {"advisory": "GHSA-r847-6w6h-r8g4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "flyteorg", "product": "flyteadmin", "versions": [{"status": "affected", "version": "< 1.1.124"}]}], "references": [{"url": "https://github.com/flyteorg/flyteadmin/security/advisories/GHSA-r847-6w6h-r8g4", "name": "https://github.com/flyteorg/flyteadmin/security/advisories/GHSA-r847-6w6h-r8g4", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd", "name": "https://github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd", "tags": ["x_refsource_MISC"]}, {"url": "https://owasp.org/www-community/attacks/SQL_Injection#", "name": "https://owasp.org/www-community/attacks/SQL_Injection#", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-30T18:01:17.453Z"}}}, "cveMetadata": {"cveId": "CVE-2023-41891", "state": "PUBLISHED", "dateUpdated": "2024-09-06T18:17:36.935Z", "dateReserved": "2023-09-04T16:31:48.225Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-10-30T18:01:17.453Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flyte:flyteadmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CB20F8F-3916-4352-95AE-447581F07EFC", "versionEndExcluding": "1.1.124", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue."}, {"lang": "es", "value": "FlyteAdmin es el plano de control de Flyte responsable de gestionar entidades y administrar ejecuciones de flujo de trabajo. Antes de la versi\u00f3n 1.1.124, los endpoints de lista en FlyteAdmin ten\u00edan una vulnerabilidad SQL donde un usuario malintencionado pod\u00eda enviar una solicitud REST con declaraciones SQL personalizadas como filtros de lista. El atacante debe tener acceso a la instalaci\u00f3n de FlyteAdmin, normalmente mediante una VPN o mediante autenticaci\u00f3n. La versi\u00f3n 1.1.124 contiene un parche para este problema."}], "id": "CVE-2023-41891", "lastModified": "2023-11-07T23:26:21.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-10-30T19:15:07.883", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/flyteorg/flyteadmin/security/advisories/GHSA-r847-6w6h-r8g4"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://owasp.org/www-community/attacks/SQL_Injection#"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Primary"}]}