CVE-2024-45848

An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*

History

16 Sep 2024, 17:33

Type	Values Removed	Values Added
First Time		Mindsdb Mindsdb mindsdb
Summary		(es) Existe una vulnerabilidad de ejecución de código arbitrario en las versiones 23.12.4.0 a 24.7.4.1 de la plataforma MindsDB, cuando la integración de ChromaDB está instalada en el servidor. Si se ejecuta una consulta 'INSERT' especialmente manipulada que contiene código Python en una base de datos creada con el motor ChromaDB, el código se pasará a una función eval y se ejecutará en el servidor.
References	~~() https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/ -~~	() https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/ - Exploit, Third Party Advisory
CPE		cpe:2.3:a:mindsdb:mindsdb::::::::
CWE		CWE-94

12 Sep 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-12 13:15

Updated : 2024-09-16 17:33

NVD link : CVE-2024-45848

Mitre link : CVE-2024-45848

CVE.ORG link : CVE-2024-45848

JSON object : View

Products Affected

mindsdb

mindsdb

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-95

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

{"id": "CVE-2024-45848", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-09-12T13:15:13.437", "references": [{"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", "tags": ["Exploit", "Third Party Advisory"], "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}, {"type": "Secondary", "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "description": [{"lang": "en", "value": "CWE-95"}]}], "descriptions": [{"lang": "en", "value": "An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted \u2018INSERT\u2019 query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server."}, {"lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario en las versiones 23.12.4.0 a 24.7.4.1 de la plataforma MindsDB, cuando la integraci\u00f3n de ChromaDB est\u00e1 instalada en el servidor. Si se ejecuta una consulta 'INSERT' especialmente manipulada que contiene c\u00f3digo Python en una base de datos creada con el motor ChromaDB, el c\u00f3digo se pasar\u00e1 a una funci\u00f3n eval y se ejecutar\u00e1 en el servidor."}], "lastModified": "2024-09-16T17:33:40.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43357792-2782-43E9-B0AD-0ED2909FCCBB", "versionEndExcluding": "24.7.4.1", "versionStartIncluding": "23.12.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c"}