Search criteria

1 vulnerability by airbytehq

CVE-2024-38363 (GCVE-0-2024-38363)

Vulnerability from cvelistv5 – Published: 2024-07-09 14:10 – Updated: 2024-08-02 04:04
VLAI
Title
Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte
Summary
Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new connectors. Sensitive information, such as credentials, could be exposed if a user tested a new connector on a compromised instance. The connection builder does not have access to any data processes. This vulnerability is fixed in 0.62.2.
Severity
8.6 (High)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
Impacted products
Vendor Product Version
airbytehq airbyte Affected: < 0.62.2
Create a notification for this product.
airbyte airbytehq Affected: 0 , < 0.62.2 (custom)
    cpe:2.3:a:airbyte:airbytehq:*:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:airbyte:airbytehq:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "airbytehq",
            "vendor": "airbyte",
            "versions": [
              {
                "lessThan": "0.62.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38363",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-09T14:29:59.326680Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-09T14:32:40.156Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:04:25.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "airbyte",
          "vendor": "airbytehq",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.62.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new connectors. Sensitive information, such as credentials, could be exposed if a user tested a new connector on a compromised instance. The connection builder does not have access to any data processes. This vulnerability is fixed in 0.62.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1336",
              "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-09T14:10:47.792Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq"
        }
      ],
      "source": {
        "advisory": "GHSA-4j3c-fgvx-xgqq",
        "discovery": "UNKNOWN"
      },
      "title": "Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-38363",
    "datePublished": "2024-07-09T14:10:47.792Z",
    "dateReserved": "2024-06-14T14:16:16.465Z",
    "dateUpdated": "2024-08-02T04:04:25.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}