cnvd - cnvd-2022-08192

cnvd-2022-08192

Vulnerability from cnvd

Title: Navidrome SQL注入漏洞

Description:

Navidrome是一个基于Web的开源音乐收集服务器和流媒体。用于自由地从任何浏览器或移动设备收听音乐收藏。

Navidrome 0.47.5之前版本存在SQL注入漏洞，该漏洞源于Navidrome中的model/criteria/criteria.go在处理精心制作的智能播放列表时缺少对外部输入SQL语句的验证。攻击者可利用该漏洞从数据库中提取任意数据，包括用户表（其中包含敏感信息，例如用户的加密密码）。

Severity: 中

Patch Name: Navidrome SQL注入漏洞的补丁

Patch Description:

Navidrome是一个基于Web的开源音乐收集服务器和流媒体。用于自由地从任何浏览器或移动设备收听音乐收藏。

Navidrome 0.47.5之前版本存在SQL注入漏洞，该漏洞源于Navidrome中的model/criteria/criteria.go在处理精心制作的智能播放列表时缺少对外部输入SQL语句的验证。攻击者可利用该漏洞从数据库中提取任意数据，包括用户表（其中包含敏感信息，例如用户的加密密码）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/navidrome/navidrome/releases/tag/v0.47.5

Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-23857

Impacted products

Name
Navidrome Navidrome <0.47.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-23857",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-23857"
    }
  },
  "description": "Navidrome\u662f\u4e00\u4e2a\u57fa\u4e8eWeb\u7684\u5f00\u6e90\u97f3\u4e50\u6536\u96c6\u670d\u52a1\u5668\u548c\u6d41\u5a92\u4f53\u3002\u7528\u4e8e\u81ea\u7531\u5730\u4ece\u4efb\u4f55\u6d4f\u89c8\u5668\u6216\u79fb\u52a8\u8bbe\u5907\u6536\u542c\u97f3\u4e50\u6536\u85cf\u3002\n\nNavidrome 0.47.5\u4e4b\u524d\u7248\u672c\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eNavidrome\u4e2d\u7684model/criteria/criteria.go\u5728\u5904\u7406\u7cbe\u5fc3\u5236\u4f5c\u7684\u667a\u80fd\u64ad\u653e\u5217\u8868\u65f6\u7f3a\u5c11\u5bf9\u5916\u90e8\u8f93\u5165SQL\u8bed\u53e5\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u6570\u636e\u5e93\u4e2d\u63d0\u53d6\u4efb\u610f\u6570\u636e\uff0c\u5305\u62ec\u7528\u6237\u8868\uff08\u5176\u4e2d\u5305\u542b\u654f\u611f\u4fe1\u606f\uff0c\u4f8b\u5982\u7528\u6237\u7684\u52a0\u5bc6\u5bc6\u7801\uff09\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/navidrome/navidrome/releases/tag/v0.47.5",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-08192",
  "openTime": "2022-02-03",
  "patchDescription": "Navidrome\u662f\u4e00\u4e2a\u57fa\u4e8eWeb\u7684\u5f00\u6e90\u97f3\u4e50\u6536\u96c6\u670d\u52a1\u5668\u548c\u6d41\u5a92\u4f53\u3002\u7528\u4e8e\u81ea\u7531\u5730\u4ece\u4efb\u4f55\u6d4f\u89c8\u5668\u6216\u79fb\u52a8\u8bbe\u5907\u6536\u542c\u97f3\u4e50\u6536\u85cf\u3002\r\n\r\nNavidrome 0.47.5\u4e4b\u524d\u7248\u672c\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eNavidrome\u4e2d\u7684model/criteria/criteria.go\u5728\u5904\u7406\u7cbe\u5fc3\u5236\u4f5c\u7684\u667a\u80fd\u64ad\u653e\u5217\u8868\u65f6\u7f3a\u5c11\u5bf9\u5916\u90e8\u8f93\u5165SQL\u8bed\u53e5\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u6570\u636e\u5e93\u4e2d\u63d0\u53d6\u4efb\u610f\u6570\u636e\uff0c\u5305\u62ec\u7528\u6237\u8868\uff08\u5176\u4e2d\u5305\u542b\u654f\u611f\u4fe1\u606f\uff0c\u4f8b\u5982\u7528\u6237\u7684\u52a0\u5bc6\u5bc6\u7801\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Navidrome SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Navidrome Navidrome \u003c0.47.5"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-23857",
  "serverity": "\u4e2d",
  "submitTime": "2022-01-26",
  "title": "Navidrome SQL\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2022-23857 (GCVE-0-2022-23857)

Vulnerability from cvelistv5

Published

2022-01-24 01:56

Modified

2024-08-03 03:51

Severity ?

CWE

Summary

model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table (which contains sensitive information such as the users' encrypted passwords).

References

▼	URL	Tags
	https://github.com/navidrome/navidrome/releases/tag/v0.47.5	x_refsource_MISC
	https://github.com/navidrome/navidrome/commit/9e79b5cbf2a48c1e4344df00fea4ed3844ea965d	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:51:46.119Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/navidrome/navidrome/releases/tag/v0.47.5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/navidrome/navidrome/commit/9e79b5cbf2a48c1e4344df00fea4ed3844ea965d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table (which contains sensitive information such as the users\u0027 encrypted passwords)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-24T01:56:34",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/navidrome/navidrome/releases/tag/v0.47.5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/navidrome/navidrome/commit/9e79b5cbf2a48c1e4344df00fea4ed3844ea965d"
        }
      ],
      "x_ConverterErrors": {
        "cvssV3_1": {
          "error": "CVSSV3_1 data from v4 record is invalid",
          "message": "Missing mandatory metrics \"AV\""
        }
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-23857",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table (which contains sensitive information such as the users\u0027 encrypted passwords)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "availabilityImpact": "NONE",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/A:N/C:H/I:N/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/navidrome/navidrome/releases/tag/v0.47.5",
              "refsource": "MISC",
              "url": "https://github.com/navidrome/navidrome/releases/tag/v0.47.5"
            },
            {
              "name": "https://github.com/navidrome/navidrome/commit/9e79b5cbf2a48c1e4344df00fea4ed3844ea965d",
              "refsource": "MISC",
              "url": "https://github.com/navidrome/navidrome/commit/9e79b5cbf2a48c1e4344df00fea4ed3844ea965d"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-23857",
    "datePublished": "2022-01-24T01:56:34",
    "dateReserved": "2022-01-24T00:00:00",
    "dateUpdated": "2024-08-03T03:51:46.119Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted