ghsa-pqj7-jx24-wj7w
Vulnerability from github
Published
2023-05-11 19:40
Modified
2023-05-11 19:40
Severity ?
Summary
VTAdmin users that can create shards can deny access to other functions
Details
Impact
Users can either intentionally or inadvertently create a shard containing /
characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error.
Attempting to view the keyspace(s) will also no longer work.
Creating a shard using vtctldclient
does not have the same problem because the CLI validates the input correctly.
Patches
v16.0.2, corresponding to 0.16.2 on pkg.go.dev
Workarounds
- Always use
vtctldclient
to create shards, instead of using VTAdmin - Disable creating shards from VTAdmin using RBAC
- Delete the topology record for the offending shard using the client for your topology server. For example, if you created a shard called
a/b
in keyspacecommerce
, and you are running etcd, it can be deleted by doing something like% etcdctl --endpoints "http://${ETCD_SERVER}" del /vitess/global/keyspaces/commerce/shards/a/b/Shard
References
https://github.com/vitessio/vitess/issues/12842
Found during a security audit sponsored by the CNCF and facilitated by OSTIF.
{ "affected": [ { "package": { "ecosystem": "Go", "name": "vitess.io/vitess" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0.16.2" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2023-29195" ], "database_specific": { "cwe_ids": [ "CWE-20", "CWE-703" ], "github_reviewed": true, "github_reviewed_at": "2023-05-11T19:40:49Z", "nvd_published_at": "2023-05-11T20:15:09Z", "severity": "MODERATE" }, "details": "### Impact\nUsers can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. \nAttempting to view the keyspace(s) will also no longer work.\nCreating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly.\n\n### Patches\nv16.0.2, corresponding to [0.16.2 on pkg.go.dev](https://pkg.go.dev/vitess.io/vitess@v0.16.2)\n\n### Workarounds\n- Always use `vtctldclient` to create shards, instead of using VTAdmin\n- Disable creating shards from VTAdmin using RBAC\n- Delete the topology record for the offending shard using the client for your topology server. For example, if you created a shard called `a/b` in keyspace `commerce`, and you are running etcd, it can be deleted by doing something like\n```\n% etcdctl --endpoints \"http://${ETCD_SERVER}\" del /vitess/global/keyspaces/commerce/shards/a/b/Shard\n```\n\n### References\nhttps://github.com/vitessio/vitess/issues/12842\n\nFound during a security audit sponsored by the [CNCF](https://cncf.io) and facilitated by [OSTIF](https://ostif.org).", "id": "GHSA-pqj7-jx24-wj7w", "modified": "2023-05-11T19:40:49Z", "published": "2023-05-11T19:40:49Z", "references": [ { "type": "WEB", "url": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29195" }, { "type": "WEB", "url": "https://github.com/vitessio/vitess/issues/12842" }, { "type": "WEB", "url": "https://github.com/vitessio/vitess/pull/12843" }, { "type": "WEB", "url": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920" }, { "type": "PACKAGE", "url": "https://github.com/vitessio/vitess" }, { "type": "WEB", "url": "https://github.com/vitessio/vitess/releases/tag/v16.0.2" }, { "type": "WEB", "url": "https://pkg.go.dev/vitess.io/vitess@v0.16.2" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L", "type": "CVSS_V3" } ], "summary": "VTAdmin users that can create shards can deny access to other functions" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.