Search criteria
38 vulnerabilities found for mindsdb by mindsdb
CVE-2024-45856 (GCVE-0-2024-45856)
Vulnerability from nvd – Published: 2024-09-12 13:05 – Updated: 2024-09-12 16:57
VLAI?
Summary
A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI.
Severity ?
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T16:55:06.284110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T16:57:45.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI."
}
],
"value": "A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:05:01.526Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45856",
"datePublished": "2024-09-12T13:05:01.526Z",
"dateReserved": "2024-09-10T15:36:55.926Z",
"dateUpdated": "2024-09-12T16:57:45.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45855 (GCVE-0-2024-45855)
Vulnerability from nvd – Published: 2024-09-12 13:04 – Updated: 2024-09-12 17:04
VLAI?
Summary
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it.
Severity ?
7.1 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "23.10.2.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T16:59:31.344972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:04:48.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "23.10.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded \u2018inhouse\u2019 model to run arbitrary code on the server when using \u2018finetune\u2019 on it."
}
],
"value": "Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded \u2018inhouse\u2019 model to run arbitrary code on the server when using \u2018finetune\u2019 on it."
}
],
"impacts": [
{
"capecId": "CAPEC-35",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:04:13.076Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45855",
"datePublished": "2024-09-12T13:04:13.076Z",
"dateReserved": "2024-09-10T15:36:52.127Z",
"dateUpdated": "2024-09-12T17:04:48.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45854 (GCVE-0-2024-45854)
Vulnerability from nvd – Published: 2024-09-12 13:03 – Updated: 2024-09-12 17:06
VLAI?
Summary
Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it.
Severity ?
7.1 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "23.10.3.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T17:05:13.948813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:06:22.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "23.10.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded \u2018inhouse\u2019 model to run arbitrary code on the server when a \u2018describe\u2019 query is run on it."
}
],
"value": "Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded \u2018inhouse\u2019 model to run arbitrary code on the server when a \u2018describe\u2019 query is run on it."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:03:30.197Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45854",
"datePublished": "2024-09-12T13:03:30.197Z",
"dateReserved": "2024-09-10T15:36:52.127Z",
"dateUpdated": "2024-09-12T17:06:22.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45853 (GCVE-0-2024-45853)
Vulnerability from nvd – Published: 2024-09-12 13:03 – Updated: 2024-09-12 17:13
VLAI?
Summary
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction.
Severity ?
7.1 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "23.10.2.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45853",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T17:12:46.512846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:13:52.469Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "23.10.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded \u2018inhouse\u2019 model to run arbitrary code on the server when used for a prediction."
}
],
"value": "Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded \u2018inhouse\u2019 model to run arbitrary code on the server when used for a prediction."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:03:02.719Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45853",
"datePublished": "2024-09-12T13:03:02.719Z",
"dateReserved": "2024-09-10T15:36:52.127Z",
"dateUpdated": "2024-09-12T17:13:52.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45852 (GCVE-0-2024-45852)
Vulnerability from nvd – Published: 2024-09-12 13:02 – Updated: 2024-09-12 17:15
VLAI?
Summary
Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.
Severity ?
8.8 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "23.3.2.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T17:14:17.867082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:15:03.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "23.3.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with."
}
],
"value": "Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:02:29.831Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45852",
"datePublished": "2024-09-12T13:02:29.831Z",
"dateReserved": "2024-09-10T15:36:52.127Z",
"dateUpdated": "2024-09-12T17:15:03.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45851 (GCVE-0-2024-45851)
Vulnerability from nvd – Published: 2024-09-12 13:01 – Updated: 2024-09-12 17:15
VLAI?
Summary
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.
Severity ?
8.8 (High)
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "023.10.5.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T17:15:20.955478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:15:51.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.10.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an \u2018INSERT\u2019 query can be used for list item creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server."
}
],
"value": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an \u2018INSERT\u2019 query can be used for list item creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server."
}
],
"impacts": [
{
"capecId": "CAPEC-35",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:01:02.816Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45851",
"datePublished": "2024-09-12T13:01:02.816Z",
"dateReserved": "2024-09-10T15:36:52.127Z",
"dateUpdated": "2024-09-12T17:15:51.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45850 (GCVE-0-2024-45850)
Vulnerability from nvd – Published: 2024-09-12 13:00 – Updated: 2024-09-12 17:16
VLAI?
Summary
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.
Severity ?
8.8 (High)
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.10.5.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T17:16:12.656495Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:16:47.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.10.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an \u2018INSERT\u2019 query can be used for site column creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server."
}
],
"value": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an \u2018INSERT\u2019 query can be used for site column creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server."
}
],
"impacts": [
{
"capecId": "CAPEC-35",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:00:18.531Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45850",
"datePublished": "2024-09-12T13:00:18.531Z",
"dateReserved": "2024-09-10T15:36:52.127Z",
"dateUpdated": "2024-09-12T17:16:47.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45849 (GCVE-0-2024-45849)
Vulnerability from nvd – Published: 2024-09-12 12:59 – Updated: 2024-09-12 14:02
VLAI?
Summary
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.
Severity ?
8.8 (High)
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.10.5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45849",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:01:54.454946Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:02:51.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.10.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an \u2018INSERT\u2019 query can be used for list creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server."
}
],
"value": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an \u2018INSERT\u2019 query can be used for list creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server."
}
],
"impacts": [
{
"capecId": "CAPEC-35",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:59:25.993Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45849",
"datePublished": "2024-09-12T12:59:25.993Z",
"dateReserved": "2024-09-10T15:36:52.126Z",
"dateUpdated": "2024-09-12T14:02:51.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45848 (GCVE-0-2024-45848)
Vulnerability from nvd – Published: 2024-09-12 12:58 – Updated: 2024-09-12 14:35
VLAI?
Summary
An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server.
Severity ?
8.8 (High)
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.12.4.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45848",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:34:37.624387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:35:30.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.12.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted \u2018INSERT\u2019 query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server."
}
],
"value": "An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted \u2018INSERT\u2019 query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server."
}
],
"impacts": [
{
"capecId": "CAPEC-35",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:58:32.914Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45848",
"datePublished": "2024-09-12T12:58:32.914Z",
"dateReserved": "2024-09-10T15:36:52.125Z",
"dateUpdated": "2024-09-12T14:35:30.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45847 (GCVE-0-2024-45847)
Vulnerability from nvd – Published: 2024-09-12 12:57 – Updated: 2024-09-12 14:37
VLAI?
Summary
An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration engine, the code will be passed to an eval function and executed on the server.
Severity ?
8.8 (High)
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.11.4.2",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45847",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:36:33.344700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:37:32.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.11.4.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted \u2018UPDATE\u2019 query containing Python code is run against a database created with the specified integration engine, the code will be passed to an eval function and executed on the server."
}
],
"value": "An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted \u2018UPDATE\u2019 query containing Python code is run against a database created with the specified integration engine, the code will be passed to an eval function and executed on the server."
}
],
"impacts": [
{
"capecId": "CAPEC-35",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:57:42.357Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45847",
"datePublished": "2024-09-12T12:57:42.357Z",
"dateReserved": "2024-09-10T15:36:52.125Z",
"dateUpdated": "2024-09-12T14:37:32.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45846 (GCVE-0-2024-45846)
Vulnerability from nvd – Published: 2024-09-12 12:56 – Updated: 2024-09-12 14:39
VLAI?
Summary
An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine, the code will be passed to an eval function and executed on the server.
Severity ?
8.8 (High)
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.10.3.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45846",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:38:31.814512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:39:09.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.10.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted \u2018SELECT WHERE\u2019 clause containing Python code is run against a database created with the Weaviate engine, the code will be passed to an eval function and executed on the server."
}
],
"value": "An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted \u2018SELECT WHERE\u2019 clause containing Python code is run against a database created with the Weaviate engine, the code will be passed to an eval function and executed on the server."
}
],
"impacts": [
{
"capecId": "CAPEC-35",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:56:48.362Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45846",
"datePublished": "2024-09-12T12:56:48.362Z",
"dateReserved": "2024-09-10T15:36:52.125Z",
"dateUpdated": "2024-09-12T14:39:09.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24759 (GCVE-0-2024-24759)
Vulnerability from nvd – Published: 2024-09-05 16:30 – Updated: 2024-09-05 17:46
VLAI?
Title
MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding
Summary
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.
Severity ?
9.3 (Critical)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "23.12.4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24759",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T17:45:02.937898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T17:46:08.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"status": "affected",
"version": "\u003c 23.12.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T16:30:38.659Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr"
},
{
"name": "https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b"
}
],
"source": {
"advisory": "GHSA-4jcv-vp96-94xr",
"discovery": "UNKNOWN"
},
"title": "MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24759",
"datePublished": "2024-09-05T16:30:38.659Z",
"dateReserved": "2024-01-29T20:51:26.010Z",
"dateUpdated": "2024-09-05T17:46:08.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3575 (GCVE-0-2024-3575)
Vulnerability from nvd – Published: 2024-04-16 00:00 – Updated: 2024-08-01 20:12
VLAI?
Title
Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb
Summary
Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb
Severity ?
5.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mindsdb | mindsdb/mindsdb |
Affected:
unspecified , ≤ latest
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3575",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T16:19:42.670555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T16:33:19.947Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/5f720b48-ddeb-4f2a-830f-a3dd15d5daa2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T11:10:43.917Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/5f720b48-ddeb-4f2a-830f-a3dd15d5daa2"
}
],
"source": {
"advisory": "5f720b48-ddeb-4f2a-830f-a3dd15d5daa2",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-3575",
"datePublished": "2024-04-16T00:00:13.688Z",
"dateReserved": "2024-04-10T10:56:13.611Z",
"dateUpdated": "2024-08-01T20:12:07.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50731 (GCVE-0-2023-50731)
Vulnerability from nvd – Published: 2023-12-22 20:43 – Updated: 2024-08-02 22:16
VLAI?
Title
MindsDB has arbitrary file write in file.py
Summary
MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which leads to path injection. Later in the method, the temporary directory is deleted on line 151, but since we can write outside of the directory using the path injection vulnerability, the potentially dangerous file is not deleted. Arbitrary file contents can be written due to `f.write(chunk)` on line 125. Mindsdb does check later on line 149 in the `save_file` method in `file-controller.py` which calls the `_handle_source` method in `file_handler.py` if a file is of one of the types `csv`, `json`, `parquet`, `xls`, or `xlsx`. However, since the check happens after the file has already been written, the files will still exist (and will not be removed due to the path injection described earlier), just the `_handle_source` method will return an error. The same user-controlled source source is used also in another path injection sink on line 138. This leads to another path injection, which allows an attacker to delete any `zip` or `tar.gz` files on the server.
Severity ?
9.1 (Critical)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:47.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-182_GHSL-2023-184_mindsdb_mindsdb/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-182_GHSL-2023-184_mindsdb_mindsdb/"
},
{
"name": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-j8w6-2r9h-cxhj",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-j8w6-2r9h-cxhj"
},
{
"name": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L122-L125",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L122-L125"
},
{
"name": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L138",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L138"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"status": "affected",
"version": "\u003c 23.11.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which leads to path injection. Later in the method, the temporary directory is deleted on line 151, but since we can write outside of the directory using the path injection vulnerability, the potentially dangerous file is not deleted. Arbitrary file contents can be written due to `f.write(chunk)` on line 125. Mindsdb does check later on line 149 in the `save_file` method in `file-controller.py` which calls the `_handle_source` method in `file_handler.py` if a file is of one of the types `csv`, `json`, `parquet`, `xls`, or `xlsx`. However, since the check happens after the file has already been written, the files will still exist (and will not be removed due to the path injection described earlier), just the `_handle_source` method will return an error. The same user-controlled source source is used also in another path injection sink on line 138. This leads to another path injection, which allows an attacker to delete any `zip` or `tar.gz` files on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T20:43:18.036Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-182_GHSL-2023-184_mindsdb_mindsdb/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-182_GHSL-2023-184_mindsdb_mindsdb/"
},
{
"name": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-j8w6-2r9h-cxhj",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-j8w6-2r9h-cxhj"
},
{
"name": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L122-L125",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L122-L125"
},
{
"name": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L138",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L138"
}
],
"source": {
"advisory": "GHSA-vmjp-9j5f-g4g2",
"discovery": "UNKNOWN"
},
"title": "MindsDB has arbitrary file write in file.py"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50731",
"datePublished": "2023-12-22T20:43:18.036Z",
"dateReserved": "2023-12-11T17:53:36.032Z",
"dateUpdated": "2024-08-02T22:16:47.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49796 (GCVE-0-2023-49796)
Vulnerability from nvd – Published: 2023-12-11 20:38 – Updated: 2024-08-02 22:01
VLAI?
Title
MindsDB Arbitrary File Write vulnerability
Summary
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in `file.py` Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue.
Severity ?
5.3 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:26.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-crhp-7c74-cg4c",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-crhp-7c74-cg4c"
},
{
"name": "https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"status": "affected",
"version": "\u003c 23.11.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in `file.py` Users should use MindsDB\u0027s `staging` branch or v23.11.4.1, which contain a fix for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-11T20:38:25.330Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-crhp-7c74-cg4c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-crhp-7c74-cg4c"
},
{
"name": "https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe"
}
],
"source": {
"advisory": "GHSA-crhp-7c74-cg4c",
"discovery": "UNKNOWN"
},
"title": "MindsDB Arbitrary File Write vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49796",
"datePublished": "2023-12-11T20:38:25.330Z",
"dateReserved": "2023-11-30T13:39:50.863Z",
"dateUpdated": "2024-08-02T22:01:26.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45856 (GCVE-0-2024-45856)
Vulnerability from cvelistv5 – Published: 2024-09-12 13:05 – Updated: 2024-09-12 16:57
VLAI?
Summary
A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI.
Severity ?
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T16:55:06.284110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T16:57:45.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI."
}
],
"value": "A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:05:01.526Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45856",
"datePublished": "2024-09-12T13:05:01.526Z",
"dateReserved": "2024-09-10T15:36:55.926Z",
"dateUpdated": "2024-09-12T16:57:45.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45855 (GCVE-0-2024-45855)
Vulnerability from cvelistv5 – Published: 2024-09-12 13:04 – Updated: 2024-09-12 17:04
VLAI?
Summary
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it.
Severity ?
7.1 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "23.10.2.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T16:59:31.344972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:04:48.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "23.10.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded \u2018inhouse\u2019 model to run arbitrary code on the server when using \u2018finetune\u2019 on it."
}
],
"value": "Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded \u2018inhouse\u2019 model to run arbitrary code on the server when using \u2018finetune\u2019 on it."
}
],
"impacts": [
{
"capecId": "CAPEC-35",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:04:13.076Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45855",
"datePublished": "2024-09-12T13:04:13.076Z",
"dateReserved": "2024-09-10T15:36:52.127Z",
"dateUpdated": "2024-09-12T17:04:48.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45854 (GCVE-0-2024-45854)
Vulnerability from cvelistv5 – Published: 2024-09-12 13:03 – Updated: 2024-09-12 17:06
VLAI?
Summary
Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it.
Severity ?
7.1 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "23.10.3.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T17:05:13.948813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:06:22.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "23.10.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded \u2018inhouse\u2019 model to run arbitrary code on the server when a \u2018describe\u2019 query is run on it."
}
],
"value": "Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded \u2018inhouse\u2019 model to run arbitrary code on the server when a \u2018describe\u2019 query is run on it."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:03:30.197Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45854",
"datePublished": "2024-09-12T13:03:30.197Z",
"dateReserved": "2024-09-10T15:36:52.127Z",
"dateUpdated": "2024-09-12T17:06:22.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45853 (GCVE-0-2024-45853)
Vulnerability from cvelistv5 – Published: 2024-09-12 13:03 – Updated: 2024-09-12 17:13
VLAI?
Summary
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction.
Severity ?
7.1 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "23.10.2.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45853",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T17:12:46.512846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:13:52.469Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "23.10.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded \u2018inhouse\u2019 model to run arbitrary code on the server when used for a prediction."
}
],
"value": "Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded \u2018inhouse\u2019 model to run arbitrary code on the server when used for a prediction."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:03:02.719Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45853",
"datePublished": "2024-09-12T13:03:02.719Z",
"dateReserved": "2024-09-10T15:36:52.127Z",
"dateUpdated": "2024-09-12T17:13:52.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45852 (GCVE-0-2024-45852)
Vulnerability from cvelistv5 – Published: 2024-09-12 13:02 – Updated: 2024-09-12 17:15
VLAI?
Summary
Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.
Severity ?
8.8 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "23.3.2.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T17:14:17.867082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:15:03.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "23.3.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with."
}
],
"value": "Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:02:29.831Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45852",
"datePublished": "2024-09-12T13:02:29.831Z",
"dateReserved": "2024-09-10T15:36:52.127Z",
"dateUpdated": "2024-09-12T17:15:03.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45851 (GCVE-0-2024-45851)
Vulnerability from cvelistv5 – Published: 2024-09-12 13:01 – Updated: 2024-09-12 17:15
VLAI?
Summary
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.
Severity ?
8.8 (High)
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "023.10.5.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T17:15:20.955478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:15:51.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.10.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an \u2018INSERT\u2019 query can be used for list item creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server."
}
],
"value": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an \u2018INSERT\u2019 query can be used for list item creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server."
}
],
"impacts": [
{
"capecId": "CAPEC-35",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:01:02.816Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45851",
"datePublished": "2024-09-12T13:01:02.816Z",
"dateReserved": "2024-09-10T15:36:52.127Z",
"dateUpdated": "2024-09-12T17:15:51.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45850 (GCVE-0-2024-45850)
Vulnerability from cvelistv5 – Published: 2024-09-12 13:00 – Updated: 2024-09-12 17:16
VLAI?
Summary
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.
Severity ?
8.8 (High)
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.10.5.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T17:16:12.656495Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:16:47.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.10.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an \u2018INSERT\u2019 query can be used for site column creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server."
}
],
"value": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an \u2018INSERT\u2019 query can be used for site column creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server."
}
],
"impacts": [
{
"capecId": "CAPEC-35",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:00:18.531Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45850",
"datePublished": "2024-09-12T13:00:18.531Z",
"dateReserved": "2024-09-10T15:36:52.127Z",
"dateUpdated": "2024-09-12T17:16:47.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45849 (GCVE-0-2024-45849)
Vulnerability from cvelistv5 – Published: 2024-09-12 12:59 – Updated: 2024-09-12 14:02
VLAI?
Summary
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.
Severity ?
8.8 (High)
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.10.5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45849",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:01:54.454946Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:02:51.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.10.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an \u2018INSERT\u2019 query can be used for list creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server."
}
],
"value": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an \u2018INSERT\u2019 query can be used for list creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server."
}
],
"impacts": [
{
"capecId": "CAPEC-35",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:59:25.993Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45849",
"datePublished": "2024-09-12T12:59:25.993Z",
"dateReserved": "2024-09-10T15:36:52.126Z",
"dateUpdated": "2024-09-12T14:02:51.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45848 (GCVE-0-2024-45848)
Vulnerability from cvelistv5 – Published: 2024-09-12 12:58 – Updated: 2024-09-12 14:35
VLAI?
Summary
An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server.
Severity ?
8.8 (High)
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.12.4.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45848",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:34:37.624387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:35:30.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.12.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted \u2018INSERT\u2019 query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server."
}
],
"value": "An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted \u2018INSERT\u2019 query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server."
}
],
"impacts": [
{
"capecId": "CAPEC-35",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:58:32.914Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45848",
"datePublished": "2024-09-12T12:58:32.914Z",
"dateReserved": "2024-09-10T15:36:52.125Z",
"dateUpdated": "2024-09-12T14:35:30.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45847 (GCVE-0-2024-45847)
Vulnerability from cvelistv5 – Published: 2024-09-12 12:57 – Updated: 2024-09-12 14:37
VLAI?
Summary
An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration engine, the code will be passed to an eval function and executed on the server.
Severity ?
8.8 (High)
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.11.4.2",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45847",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:36:33.344700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:37:32.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.11.4.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted \u2018UPDATE\u2019 query containing Python code is run against a database created with the specified integration engine, the code will be passed to an eval function and executed on the server."
}
],
"value": "An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted \u2018UPDATE\u2019 query containing Python code is run against a database created with the specified integration engine, the code will be passed to an eval function and executed on the server."
}
],
"impacts": [
{
"capecId": "CAPEC-35",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:57:42.357Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45847",
"datePublished": "2024-09-12T12:57:42.357Z",
"dateReserved": "2024-09-10T15:36:52.125Z",
"dateUpdated": "2024-09-12T14:37:32.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45846 (GCVE-0-2024-45846)
Vulnerability from cvelistv5 – Published: 2024-09-12 12:56 – Updated: 2024-09-12 14:39
VLAI?
Summary
An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine, the code will be passed to an eval function and executed on the server.
Severity ?
8.8 (High)
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.10.3.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45846",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:38:31.814512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:39:09.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mindsdb",
"repo": "https://github.com/mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "24.7.4.1",
"status": "affected",
"version": "23.10.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted \u2018SELECT WHERE\u2019 clause containing Python code is run against a database created with the Weaviate engine, the code will be passed to an eval function and executed on the server."
}
],
"value": "An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted \u2018SELECT WHERE\u2019 clause containing Python code is run against a database created with the Weaviate engine, the code will be passed to an eval function and executed on the server."
}
],
"impacts": [
{
"capecId": "CAPEC-35",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:56:48.362Z",
"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"shortName": "HiddenLayer"
},
"references": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"assignerShortName": "HiddenLayer",
"cveId": "CVE-2024-45846",
"datePublished": "2024-09-12T12:56:48.362Z",
"dateReserved": "2024-09-10T15:36:52.125Z",
"dateUpdated": "2024-09-12T14:39:09.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24759 (GCVE-0-2024-24759)
Vulnerability from cvelistv5 – Published: 2024-09-05 16:30 – Updated: 2024-09-05 17:46
VLAI?
Title
MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding
Summary
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.
Severity ?
9.3 (Critical)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThan": "23.12.4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24759",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T17:45:02.937898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T17:46:08.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"status": "affected",
"version": "\u003c 23.12.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T16:30:38.659Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr"
},
{
"name": "https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b"
}
],
"source": {
"advisory": "GHSA-4jcv-vp96-94xr",
"discovery": "UNKNOWN"
},
"title": "MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24759",
"datePublished": "2024-09-05T16:30:38.659Z",
"dateReserved": "2024-01-29T20:51:26.010Z",
"dateUpdated": "2024-09-05T17:46:08.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3575 (GCVE-0-2024-3575)
Vulnerability from cvelistv5 – Published: 2024-04-16 00:00 – Updated: 2024-08-01 20:12
VLAI?
Title
Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb
Summary
Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb
Severity ?
5.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mindsdb | mindsdb/mindsdb |
Affected:
unspecified , ≤ latest
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mindsdb:mindsdb:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3575",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T16:19:42.670555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T16:33:19.947Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/5f720b48-ddeb-4f2a-830f-a3dd15d5daa2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mindsdb/mindsdb",
"vendor": "mindsdb",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T11:10:43.917Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/5f720b48-ddeb-4f2a-830f-a3dd15d5daa2"
}
],
"source": {
"advisory": "5f720b48-ddeb-4f2a-830f-a3dd15d5daa2",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-3575",
"datePublished": "2024-04-16T00:00:13.688Z",
"dateReserved": "2024-04-10T10:56:13.611Z",
"dateUpdated": "2024-08-01T20:12:07.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50731 (GCVE-0-2023-50731)
Vulnerability from cvelistv5 – Published: 2023-12-22 20:43 – Updated: 2024-08-02 22:16
VLAI?
Title
MindsDB has arbitrary file write in file.py
Summary
MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which leads to path injection. Later in the method, the temporary directory is deleted on line 151, but since we can write outside of the directory using the path injection vulnerability, the potentially dangerous file is not deleted. Arbitrary file contents can be written due to `f.write(chunk)` on line 125. Mindsdb does check later on line 149 in the `save_file` method in `file-controller.py` which calls the `_handle_source` method in `file_handler.py` if a file is of one of the types `csv`, `json`, `parquet`, `xls`, or `xlsx`. However, since the check happens after the file has already been written, the files will still exist (and will not be removed due to the path injection described earlier), just the `_handle_source` method will return an error. The same user-controlled source source is used also in another path injection sink on line 138. This leads to another path injection, which allows an attacker to delete any `zip` or `tar.gz` files on the server.
Severity ?
9.1 (Critical)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:47.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-182_GHSL-2023-184_mindsdb_mindsdb/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-182_GHSL-2023-184_mindsdb_mindsdb/"
},
{
"name": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-j8w6-2r9h-cxhj",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-j8w6-2r9h-cxhj"
},
{
"name": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L122-L125",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L122-L125"
},
{
"name": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L138",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L138"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"status": "affected",
"version": "\u003c 23.11.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which leads to path injection. Later in the method, the temporary directory is deleted on line 151, but since we can write outside of the directory using the path injection vulnerability, the potentially dangerous file is not deleted. Arbitrary file contents can be written due to `f.write(chunk)` on line 125. Mindsdb does check later on line 149 in the `save_file` method in `file-controller.py` which calls the `_handle_source` method in `file_handler.py` if a file is of one of the types `csv`, `json`, `parquet`, `xls`, or `xlsx`. However, since the check happens after the file has already been written, the files will still exist (and will not be removed due to the path injection described earlier), just the `_handle_source` method will return an error. The same user-controlled source source is used also in another path injection sink on line 138. This leads to another path injection, which allows an attacker to delete any `zip` or `tar.gz` files on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T20:43:18.036Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-182_GHSL-2023-184_mindsdb_mindsdb/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-182_GHSL-2023-184_mindsdb_mindsdb/"
},
{
"name": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-j8w6-2r9h-cxhj",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-j8w6-2r9h-cxhj"
},
{
"name": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L122-L125",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L122-L125"
},
{
"name": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L138",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L138"
}
],
"source": {
"advisory": "GHSA-vmjp-9j5f-g4g2",
"discovery": "UNKNOWN"
},
"title": "MindsDB has arbitrary file write in file.py"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50731",
"datePublished": "2023-12-22T20:43:18.036Z",
"dateReserved": "2023-12-11T17:53:36.032Z",
"dateUpdated": "2024-08-02T22:16:47.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49796 (GCVE-0-2023-49796)
Vulnerability from cvelistv5 – Published: 2023-12-11 20:38 – Updated: 2024-08-02 22:01
VLAI?
Title
MindsDB Arbitrary File Write vulnerability
Summary
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in `file.py` Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue.
Severity ?
5.3 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:26.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-crhp-7c74-cg4c",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-crhp-7c74-cg4c"
},
{
"name": "https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"status": "affected",
"version": "\u003c 23.11.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in `file.py` Users should use MindsDB\u0027s `staging` branch or v23.11.4.1, which contain a fix for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-11T20:38:25.330Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-crhp-7c74-cg4c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-crhp-7c74-cg4c"
},
{
"name": "https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe"
}
],
"source": {
"advisory": "GHSA-crhp-7c74-cg4c",
"discovery": "UNKNOWN"
},
"title": "MindsDB Arbitrary File Write vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49796",
"datePublished": "2023-12-11T20:38:25.330Z",
"dateReserved": "2023-11-30T13:39:50.863Z",
"dateUpdated": "2024-08-02T22:01:26.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}