exploitDog
GHSA-3jmm-f6jj-rcc3

Published: 5 Aug 2024
Source: github
GitHub: reviewed
CVSS4: 9.3
CVSS3: 8.8

Description

rudder-server is vulnerable to SQL injection

rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) because the `rudder` role in PostgreSQL has superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.

Packages

Name                                 Ecosystem   Affected versions   Fixed version
github.com/rudderlabs/rudder-server  go          < 1.3.0-rc.1        1.3.0-rc.1

EPSS

Percentile: 100%
Score: 0.88827
Rating: High

CVSS4: 9.3 Critical
CVSS3: 8.8 High

Weaknesses

CWE-89 (Improper Neutralization of Special Elements used in an SQL Command, 'SQL Injection')

Related vulnerabilities

nvd, CVSS3: 8.8, published more than 2 years ago. The NVD record carries the same description, EPSS values (percentile 100%, score 0.88827, High), CVSS scores (CVSS4 9.3 Critical, CVSS3 8.8 High) and weakness (CWE-89) as the GitHub advisory above.