admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-458xx/CVE-2024-45851.json
cad-safe-bot 2e5c347d37 Auto-Update: 2024-09-16T18:00:17.978353+00:00
2024-09-16 18:03:17 +00:00

113 lines
3.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-45851",
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"published": "2024-09-12T13:15:14.170",
"lastModified": "2024-09-16T17:36:19.283",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an \u2018INSERT\u2019 query can be used for list item creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario en las versiones 23.10.5.0 a 24.7.4.1 de la plataforma MindsDB, cuando la integraci\u00f3n de Microsoft SharePoint est\u00e1 instalada en el servidor. En el caso de las bases de datos creadas con el motor de SharePoint, se puede utilizar una consulta \"INSERT\" para la creaci\u00f3n de elementos de lista. Si una consulta de este tipo est\u00e1 especialmente manipulada para contener c\u00f3digo Python y se ejecuta en la base de datos, el c\u00f3digo se pasar\u00e1 a una funci\u00f3n eval y se ejecutar\u00e1 en el servidor."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-95"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.10.5.0",
"versionEndExcluding": "24.7.4.1",
"matchCriteriaId": "0199760F-7B3D-4743-A07E-8829B1F88F25"
}
]
}
]
}
],
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/",
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink