CVE-2023-33972 (GCVE-0-2023-33972)
Vulnerability from cvelistv5 – Published: 2023-09-27 18:15 – Updated: 2024-09-23 19:08
VLAI?
Title
Privilege escalation from having CREATE access on a keyspace in Scylladb
Summary
Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users.
Severity ?
7.2 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:14.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:scylladb:scylladb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scylladb",
"vendor": "scylladb",
"versions": [
{
"lessThanOrEqual": "5.2.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T18:53:24.827482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T19:08:40.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "scylladb",
"vendor": "scylladb",
"versions": [
{
"status": "affected",
"version": "\u003c= 5.2.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don\u0027t have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-27T18:16:04.248Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq"
}
],
"source": {
"advisory": "GHSA-ww5v-p45p-3vhq",
"discovery": "UNKNOWN"
},
"title": "Privilege escalation from having CREATE access on a keyspace in Scylladb"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-33972",
"datePublished": "2023-09-27T18:15:18.162Z",
"dateReserved": "2023-05-24T13:46:35.954Z",
"dateUpdated": "2024-09-23T19:08:40.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:scylladb:scylladb:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.2.8\", \"matchCriteriaId\": \"C8162FB5-E6C6-4E6E-AEE2-7A61A2375710\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don\u0027t have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users.\"}, {\"lang\": \"es\", \"value\": \"Scylladb es un almac\\u00e9n de datos NoSQL que utiliza el marco seastar, compatible con Apache Cassandra. Los usuarios autenticados que est\\u00e1n autorizados a crear tablas en un espacio de claves pueden escalar sus privilegios para acceder a una tabla en el mismo espacio de claves, incluso si no tienen permisos para esa tabla. Este problema a\\u00fan no se ha solucionado. Un workaround para solucionar este problema es deshabilitar los privilegios CREATE en un espacio de claves y crear nuevas tablas en nombre de otros usuarios.\"}]",
"id": "CVE-2023-33972",
"lastModified": "2024-11-21T08:06:19.417",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2023-09-27T19:15:11.497",
"references": "[{\"url\": \"https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-33972\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-09-27T19:15:11.497\",\"lastModified\":\"2024-11-21T08:06:19.417\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don\u0027t have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users.\"},{\"lang\":\"es\",\"value\":\"Scylladb es un almac\u00e9n de datos NoSQL que utiliza el marco seastar, compatible con Apache Cassandra. Los usuarios autenticados que est\u00e1n autorizados a crear tablas en un espacio de claves pueden escalar sus privilegios para acceder a una tabla en el mismo espacio de claves, incluso si no tienen permisos para esa tabla. Este problema a\u00fan no se ha solucionado. Un workaround para solucionar este problema es deshabilitar los privilegios CREATE en un espacio de claves y crear nuevas tablas en nombre de otros usuarios.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:scylladb:scylladb:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.2.8\",\"matchCriteriaId\":\"C8162FB5-E6C6-4E6E-AEE2-7A61A2375710\"}]}]}],\"references\":[{\"url\":\"https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq\", \"name\": \"https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T15:54:14.148Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-33972\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-23T18:53:24.827482Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:scylladb:scylladb:*:*:*:*:*:*:*:*\"], \"vendor\": \"scylladb\", \"product\": \"scylladb\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.2.8\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-23T19:08:35.633Z\"}}], \"cna\": {\"title\": \"Privilege escalation from having CREATE access on a keyspace in Scylladb\", \"source\": {\"advisory\": \"GHSA-ww5v-p45p-3vhq\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"scylladb\", \"product\": \"scylladb\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c= 5.2.8\"}]}], \"references\": [{\"url\": \"https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq\", \"name\": \"https://github.com/scylladb/scylladb/security/advisories/GHSA-ww5v-p45p-3vhq\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don\u0027t have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269: Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-09-27T18:16:04.248Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-33972\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-23T19:08:40.769Z\", \"dateReserved\": \"2023-05-24T13:46:35.954Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-09-27T18:15:18.162Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…