Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yODQ3LTZ3NmgtcjhnNM4AA2vp
Flyte Admin SQL Injection in List Filters
Impact
List endpoints on Flyte Admin has a SQL vulnerability where a malicious user can send a REST requests with custom SQL statements as list filters.
Workarounds
The attacker needs to have access to the flyteadmin installation (typically either behind a VPN or authentication).
References
https://owasp.org/www-community/attacks/SQL_Injection#
Permalink: https://github.com/advisories/GHSA-r847-6w6h-r8g4JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yODQ3LTZ3NmgtcjhnNM4AA2vp
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 6 months ago
Updated: 6 months ago
CVSS Score: 3.5
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Identifiers: GHSA-r847-6w6h-r8g4, CVE-2023-41891
References:
- https://github.com/flyteorg/flyteadmin/security/advisories/GHSA-r847-6w6h-r8g4
- https://github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd
- https://nvd.nist.gov/vuln/detail/CVE-2023-41891
- https://owasp.org/www-community/attacks/SQL_Injection#
- https://github.com/advisories/GHSA-r847-6w6h-r8g4
Blast Radius: 2.4
Affected Packages
go:github.com/flyteorg/flyteadmin
Dependent packages: 2Dependent repositories: 5
Downloads:
Affected Version Ranges: < 1.1.124
Fixed in: 1.1.124
All affected versions: 0.1.0, 0.1.1, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.2.10, 0.2.11, 0.2.12, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.3.7, 0.3.8, 0.3.9, 0.3.10, 0.3.11, 0.3.12, 0.3.13, 0.3.14, 0.3.15, 0.3.16, 0.3.17, 0.3.18, 0.3.19, 0.3.20, 0.3.21, 0.3.22, 0.3.23, 0.3.24, 0.3.25, 0.3.26, 0.3.27, 0.3.28, 0.3.29, 0.3.30, 0.3.31, 0.3.32, 0.3.33, 0.3.34, 0.3.35, 0.3.36, 0.3.37, 0.3.38, 0.3.39, 0.3.40, 0.3.41, 0.3.42, 0.3.43, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9, 0.4.10, 0.4.11, 0.4.12, 0.4.13, 0.4.14, 0.4.15, 0.4.16, 0.4.17, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.5.6, 0.5.7, 0.5.8, 0.5.9, 0.5.10, 0.5.11, 0.5.12, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9, 0.6.10, 0.6.11, 0.6.12, 0.6.13, 0.6.14, 0.6.15, 0.6.16, 0.6.17, 0.6.18, 0.6.19, 0.6.20, 0.6.21, 0.6.22, 0.6.23, 0.6.24, 0.6.25, 0.6.26, 0.6.27, 0.6.28, 0.6.29, 0.6.30, 0.6.31, 0.6.32, 0.6.33, 0.6.34, 0.6.35, 0.6.36, 0.6.37, 0.6.38, 0.6.39, 0.6.40, 0.6.41, 0.6.42, 0.6.43, 0.6.44, 0.6.45, 0.6.46, 0.6.47, 0.6.48, 0.6.49, 0.6.50, 0.6.51, 0.6.52, 0.6.53, 0.6.54, 0.6.55, 0.6.56, 0.6.57, 0.6.58, 0.6.59, 0.6.60, 0.6.61, 0.6.62, 0.6.63, 0.6.64, 0.6.65, 0.6.66, 0.6.67, 0.6.68, 0.6.69, 0.6.70, 0.6.71, 0.6.72, 0.6.73, 0.6.74, 0.6.75, 0.6.76, 0.6.77, 0.6.78, 0.6.79, 0.6.80, 0.6.81, 0.6.82, 0.6.83, 0.6.84, 0.6.85, 0.6.86, 0.6.87, 0.6.88, 0.6.89, 0.6.90, 0.6.91, 0.6.92, 0.6.93, 0.6.94, 0.6.95, 0.6.96, 0.6.97, 0.6.98, 0.6.99, 0.6.100, 0.6.101, 0.6.102, 0.6.103, 0.6.104, 0.6.105, 0.6.106, 0.6.107, 0.6.108, 0.6.109, 0.6.110, 0.6.111, 0.6.112, 0.6.113, 0.6.114, 0.6.115, 0.6.116, 0.6.117, 0.6.118, 0.6.119, 0.6.120, 0.6.121, 0.6.122, 0.6.123, 0.6.124, 0.6.125, 0.6.126, 0.6.127, 0.6.128, 0.6.129, 0.6.130, 0.6.131, 0.6.132, 0.6.133, 0.6.134, 0.6.135, 0.6.136, 0.6.137, 0.6.138, 0.6.139, 0.6.140, 0.6.141, 0.6.142, 0.6.143, 0.6.144, 0.6.145, 0.6.146, 0.6.147, 0.6.148, 0.6.149, 0.6.150, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.1.10, 1.1.11, 1.1.12, 1.1.13, 1.1.14, 1.1.15, 1.1.16, 1.1.17, 1.1.18, 1.1.19, 1.1.20, 1.1.21, 1.1.22, 1.1.23, 1.1.24, 1.1.25, 1.1.26, 1.1.27, 1.1.28, 1.1.29, 1.1.30, 1.1.31, 1.1.32, 1.1.33, 1.1.34, 1.1.35, 1.1.36, 1.1.37, 1.1.38, 1.1.39, 1.1.40, 1.1.41, 1.1.42, 1.1.43, 1.1.44, 1.1.45, 1.1.46, 1.1.47, 1.1.48, 1.1.49, 1.1.50, 1.1.51, 1.1.52, 1.1.53, 1.1.54, 1.1.55, 1.1.56, 1.1.57, 1.1.58, 1.1.59, 1.1.60, 1.1.61, 1.1.62, 1.1.63, 1.1.64, 1.1.65, 1.1.66, 1.1.67, 1.1.68, 1.1.69, 1.1.70, 1.1.71, 1.1.72, 1.1.73, 1.1.74, 1.1.75, 1.1.76, 1.1.77, 1.1.78, 1.1.79, 1.1.80, 1.1.81, 1.1.82, 1.1.83, 1.1.84, 1.1.85, 1.1.86, 1.1.87, 1.1.88, 1.1.89, 1.1.90, 1.1.91, 1.1.92, 1.1.93, 1.1.94, 1.1.95, 1.1.96, 1.1.97, 1.1.98, 1.1.99, 1.1.100, 1.1.101, 1.1.102, 1.1.103, 1.1.104, 1.1.105, 1.1.106, 1.1.107, 1.1.108, 1.1.109, 1.1.110, 1.1.111, 1.1.112, 1.1.113, 1.1.114, 1.1.115, 1.1.116, 1.1.117, 1.1.118, 1.1.119, 1.1.120, 1.1.121, 1.1.122, 1.1.123
All unaffected versions: 1.1.124, 1.1.125, 1.1.126, 1.1.127, 1.1.128, 1.1.129, 1.1.130, 1.1.131