CVE-2023-46738

CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using it. The root cause was improper handling of incoming HTTP requests that could allow an attacker to control the ammount of memory that the ObjectNode would allocate. A malicious request could make the ObjectNode allocate more memory that the machine had available, and the attacker could exhaust memory by way of a single malicious request. An attacker would need to be authenticated in order to invoke the vulnerable code with their malicious request and have permissions to delete objects. In addition, the attacker would need to know the names of existing buckets of the CubeFS deployment - otherwise the request would be rejected before it reached the vulnerable code. As such, the most likely attacker is an inside user or an attacker that has breached the account of an existing user in the cluster. The issue has been patched in v3.3.1. There is no other mitigation besides upgrading.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/cubefs/cubefs/commit/dd46c24873c8f3df48d0a598b704ef9bd24b1ec1	Patch
https://github.com/cubefs/cubefs/security/advisories/GHSA-qc6v-g3xw-grmx	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:linuxfoundation:cubefs:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-01-03 16:15

Updated : 2024-01-10 16:59

NVD link : CVE-2023-46738

Mitre link : CVE-2023-46738

CVE.ORG link : CVE-2023-46738

JSON object : View

Products Affected

linuxfoundation

cubefs

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2023-46738", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-01-03T16:15:08.470", "references": [{"url": "https://github.com/cubefs/cubefs/commit/dd46c24873c8f3df48d0a598b704ef9bd24b1ec1", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/cubefs/cubefs/security/advisories/GHSA-qc6v-g3xw-grmx", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using it. The root cause was improper handling of incoming HTTP requests that could allow an attacker to control the ammount of memory that the ObjectNode would allocate. A malicious request could make the ObjectNode allocate more memory that the machine had available, and the attacker could exhaust memory by way of a single malicious request. An attacker would need to be authenticated in order to invoke the vulnerable code with their malicious request and have permissions to delete objects. In addition, the attacker would need to know the names of existing buckets of the CubeFS deployment - otherwise the request would be rejected before it reached the vulnerable code. As such, the most likely attacker is an inside user or an attacker that has breached the account of an existing user in the cluster. The issue has been patched in v3.3.1. There is no other mitigation besides upgrading."}, {"lang": "es", "value": "CubeFS es un sistema de almacenamiento de archivos nativo de la nube de c\u00f3digo abierto. Se encontr\u00f3 una vulnerabilidad de seguridad en CubeFS HandlerNode en versiones anteriores a la 3.3.1 que podr\u00eda permitir a los usuarios autenticados enviar solicitudes manipuladas con fines malintencionados que bloquear\u00edan el ObjectNode y negar\u00edan a otros usuarios su uso. La causa principal fue el manejo inadecuado de las solicitudes HTTP entrantes que podr\u00edan permitir a un atacante controlar la cantidad de memoria que asignar\u00eda el ObjectNode. Una solicitud maliciosa podr\u00eda hacer que el ObjectNode asigne m\u00e1s memoria de la que la m\u00e1quina ten\u00eda disponible, y el atacante podr\u00eda agotar la memoria mediante una \u00fanica solicitud maliciosa. Un atacante necesitar\u00eda estar autenticado para poder invocar el c\u00f3digo vulnerable con su solicitud maliciosa y tener permisos para eliminar objetos. Adem\u00e1s, el atacante necesitar\u00eda conocer los nombres de los dep\u00f3sitos existentes de la implementaci\u00f3n de CubeFS; de lo contrario, la solicitud ser\u00eda rechazada antes de llegar al c\u00f3digo vulnerable. Como tal, el atacante m\u00e1s probable es un usuario interno o un atacante que ha violado la cuenta de un usuario existente en el cl\u00faster. El problema se solucion\u00f3 en la versi\u00f3n 3.3.1. No existe otra mitigaci\u00f3n adem\u00e1s de la actualizaci\u00f3n."}], "lastModified": "2024-01-10T16:59:52.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:cubefs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E8D59D8-6863-4398-9D77-2442BAF81108", "versionEndExcluding": "3.3.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}