CVE-2024-28251

Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of query executions. Currently the CORS setting allows all origins, which could result in cross-site websocket hijacking and allow attackers to read/edit/remove datadocs of the user. This issue has been addressed in version 3.32.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 5.6 MEDIUM

5.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/pinterest/querybook/pull/1425
https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767

Configurations

No configuration.

History

No history.

Information

Published : 2024-03-14 00:15

Updated : 2024-03-14 12:52

NVD link : CVE-2024-28251

Mitre link : CVE-2024-28251

CVE.ORG link : CVE-2024-28251

JSON object : View

Products Affected

No product.

CWE

CWE-345

Insufficient Verification of Data Authenticity

{"id": "CVE-2024-28251", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.2}]}, "published": "2024-03-14T00:15:33.630", "references": [{"url": "https://github.com/pinterest/querybook/pull/1425", "source": "security-advisories@github.com"}, {"url": "https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of query executions. Currently the CORS setting allows all origins, which could result in cross-site websocket hijacking and allow attackers to read/edit/remove datadocs of the user. This issue has been addressed in version 3.32.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Querybook es una interfaz de usuario de consulta de Big Data que combina metadatos de tablas colocadas y una interfaz de cuaderno simple. La funcionalidad de documentos de datos de Querybook funciona mediante un servidor Websocket. El cliente habla con este WSS cada vez que actualiza, elimina o lee cualquier celda, as\u00ed como para observar el estado en vivo de las ejecuciones de consultas. Actualmente, la configuraci\u00f3n CORS permite todos los or\u00edgenes, lo que podr\u00eda resultar en el secuestro de websocket entre sitios y permitir a los atacantes leer/editar/eliminar documentos de datos del usuario. Este problema se solucion\u00f3 en la versi\u00f3n 3.32.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}], "lastModified": "2024-03-14T12:52:16.723", "sourceIdentifier": "security-advisories@github.com"}