Vulnerability Details : CVE-2023-30625
Public exploit exists!
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgreSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.
Vulnerability category: SQL Injection; Execute code
Products affected by CVE-2023-30625
- cpe:2.3:a:rudderstack:rudder-server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-30625
- EPSS score: 95.38% (probability of exploitation activity in the next 30 days)
- Percentile: ~99% (the proportion of vulnerabilities scored at or below this one)
Metasploit modules for CVE-2023-30625
- Rudder Server SQLI Remote Code Execution
  Disclosure Date: 2023-06-16
  First seen: 2023-09-11
  Module: exploit/multi/http/rudder_server_sqli_rce
  This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform (CDP). The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can exec
CVSS scores for CVE-2023-30625
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | GitHub, Inc. | |
CWE ids for CVE-2023-30625
- The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
  Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-30625
- https://github.com/rudderlabs/rudder-server/pull/2663
  fix: properly escape table name when querying for failed events by atzoum · Pull Request #2663 · rudderlabs/rudder-server · GitHub (Patch)
- https://github.com/rudderlabs/rudder-server/pull/2664
  fix: always use a sql safe table name in failed events manager by atzoum · Pull Request #2664 · rudderlabs/rudder-server · GitHub (Patch)
- https://github.com/rudderlabs/rudder-server/commit/0d061ff2d8c16845179d215bf8012afceba12a30
  fix: always use a sql safe table name in failed events manager (#2664) · rudderlabs/rudder-server@0d061ff · GitHub (Patch)
- https://github.com/rudderlabs/rudder-server/pull/2652
  fix: changed query to accept user input in prepared sql statement by deepakrai9185720 · Pull Request #2652 · rudderlabs/rudder-server · GitHub (Patch)
- https://github.com/rudderlabs/rudder-server/commit/9c009d9775abc99e72fc470f4c4c8e8f1775e82a
  fix: properly escape table name when querying for failed events (#2663) · rudderlabs/rudder-server@9c009d9 · GitHub (Patch)
- http://packetstormsecurity.com/files/173837/Rudder-Server-SQL-Injection-Remote-Code-Execution.html
  Rudder Server SQL Injection / Remote Code Execution ≈ Packet Storm
- https://github.com/rudderlabs/rudder-server/commit/2f956b7eb3d5eb2de3e79d7df2c87405af25071e
  fix: changed query to accept user input in prepared sql statement (#2… · rudderlabs/rudder-server@2f956b7 · GitHub (Patch)
- https://securitylab.github.com/advisories/GHSL-2022-097_rudder-server/
  GHSL-2022-097: SQL injection in rudder-server - CVE-2023-30625 | GitHub Security Lab (Exploit; Third Party Advisory)