CVE-2024-38363 (GCVE-0-2024-38363)
Vulnerability from cvelistv5 – Published: 2024-07-09 14:10 – Updated: 2024-08-02 04:04
VLAI
Title
Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte
Summary
Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new connectors. Sensitive information, such as credentials, could be exposed if a user tested a new connector on a compromised instance. The connection builder does not have access to any data processes. This vulnerability is fixed in 0.62.2.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/airbytehq/airbyte/security/adv… | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:airbyte:airbytehq:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "airbytehq",
"vendor": "airbyte",
"versions": [
{
"lessThan": "0.62.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T14:29:59.326680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T14:32:40.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:04:25.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "airbyte",
"vendor": "airbytehq",
"versions": [
{
"status": "affected",
"version": "\u003c 0.62.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new connectors. Sensitive information, such as credentials, could be exposed if a user tested a new connector on a compromised instance. The connection builder does not have access to any data processes. This vulnerability is fixed in 0.62.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T14:10:47.792Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq"
}
],
"source": {
"advisory": "GHSA-4j3c-fgvx-xgqq",
"discovery": "UNKNOWN"
},
"title": "Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-38363",
"datePublished": "2024-07-09T14:10:47.792Z",
"dateReserved": "2024-06-14T14:16:16.465Z",
"dateUpdated": "2024-08-02T04:04:25.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-38363",
"date": "2026-06-06",
"epss": "0.02371",
"percentile": "0.85276"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new connectors. Sensitive information, such as credentials, could be exposed if a user tested a new connector on a compromised instance. The connection builder does not have access to any data processes. This vulnerability is fixed in 0.62.2.\"}, {\"lang\": \"es\", \"value\": \"Airbyte es una plataforma de integraci\\u00f3n de datos para tuber\\u00edas ELT. La imagen acoplable del generador de conexiones Airbyte es vulnerable a RCE a trav\\u00e9s de SSTI, lo que permite a un atacante remoto autenticado ejecutar c\\u00f3digo arbitrario en el servidor como usuario del servidor web. El generador de conexiones se utiliza para crear y probar nuevos conectores. La informaci\\u00f3n confidencial, como las credenciales, podr\\u00eda quedar expuesta si un usuario probara un nuevo conector en una instancia comprometida. El creador de conexiones no tiene acceso a ning\\u00fan proceso de datos. Esta vulnerabilidad se solucion\\u00f3 en 0.62.2.\"}]",
"id": "CVE-2024-38363",
"lastModified": "2024-11-21T09:25:27.513",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 6.0}]}",
"published": "2024-07-09T15:15:11.043",
"references": "[{\"url\": \"https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1336\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-38363\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-07-09T15:15:11.043\",\"lastModified\":\"2024-11-21T09:25:27.513\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new connectors. Sensitive information, such as credentials, could be exposed if a user tested a new connector on a compromised instance. The connection builder does not have access to any data processes. This vulnerability is fixed in 0.62.2.\"},{\"lang\":\"es\",\"value\":\"Airbyte es una plataforma de integraci\u00f3n de datos para tuber\u00edas ELT. La imagen acoplable del generador de conexiones Airbyte es vulnerable a RCE a trav\u00e9s de SSTI, lo que permite a un atacante remoto autenticado ejecutar c\u00f3digo arbitrario en el servidor como usuario del servidor web. El generador de conexiones se utiliza para crear y probar nuevos conectores. La informaci\u00f3n confidencial, como las credenciales, podr\u00eda quedar expuesta si un usuario probara un nuevo conector en una instancia comprometida. El creador de conexiones no tiene acceso a ning\u00fan proceso de datos. Esta vulnerabilidad se solucion\u00f3 en 0.62.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1336\"}]}],\"references\":[{\"url\":\"https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-38363\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-09T14:29:59.326680Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:airbyte:airbytehq:*:*:*:*:*:*:*:*\"], \"vendor\": \"airbyte\", \"product\": \"airbytehq\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.62.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-09T14:32:15.394Z\"}}], \"cna\": {\"title\": \"Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte\", \"source\": {\"advisory\": \"GHSA-4j3c-fgvx-xgqq\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"airbytehq\", \"product\": \"airbyte\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.62.2\"}]}], \"references\": [{\"url\": \"https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq\", \"name\": \"https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new connectors. Sensitive information, such as credentials, could be exposed if a user tested a new connector on a compromised instance. The connection builder does not have access to any data processes. This vulnerability is fixed in 0.62.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1336\", \"description\": \"CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-07-09T14:10:47.792Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-38363\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-07-09T14:32:40.156Z\", \"dateReserved\": \"2024-06-14T14:16:16.465Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-07-09T14:10:47.792Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…