mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
113 lines
3.6 KiB
JSON
113 lines
3.6 KiB
JSON
{
|
|
"id": "CVE-2024-45847",
|
|
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
|
|
"published": "2024-09-12T13:15:13.177",
|
|
"lastModified": "2024-09-16T17:31:04.850",
|
|
"vulnStatus": "Analyzed",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted \u2018UPDATE\u2019 query containing Python code is run against a database created with the specified integration engine, the code will be passed to an eval function and executed on the server."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario en las versiones 23.11.4.2 a 24.7.4.1 de la plataforma MindsDB, cuando se instala una de varias integraciones en el servidor. Si se ejecuta una consulta 'UPDATE' especialmente manipulada que contiene c\u00f3digo Python en una base de datos creada con el motor de integraci\u00f3n especificado, el c\u00f3digo se pasar\u00e1 a una funci\u00f3n eval y se ejecutar\u00e1 en el servidor."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 8.8,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 5.9
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 8.8,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-95"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-94"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "23.11.4.2",
|
|
"versionEndExcluding": "24.7.4.1",
|
|
"matchCriteriaId": "847D929C-E8B2-488E-99EC-2F4B2C4FBDAC"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/",
|
|
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
|
|
"tags": [
|
|
"Exploit",
|
|
"Third Party Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |