CVE-2024-28251

Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of query executions. Currently the CORS setting allows all origins, which could result in cross-site websocket hijacking and allow attackers to read/edit/remove datadocs of the user. This issue has been addressed in version 3.32.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 5.6 MEDIUM

5.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/pinterest/querybook/pull/1425
https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767
https://github.com/pinterest/querybook/pull/1425
https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767

Configurations

No configuration.

History

21 Nov 2024, 09:06

Type	Values Removed	Values Added
References	~~() https://github.com/pinterest/querybook/pull/1425 -~~	() https://github.com/pinterest/querybook/pull/1425 -
References	~~() https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767 -~~	() https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767 -

14 Mar 2024, 12:52

Type	Values Removed	Values Added
Summary		(es) Querybook es una interfaz de usuario de consulta de Big Data que combina metadatos de tablas colocadas y una interfaz de cuaderno simple. La funcionalidad de documentos de datos de Querybook funciona mediante un servidor Websocket. El cliente habla con este WSS cada vez que actualiza, elimina o lee cualquier celda, así como para observar el estado en vivo de las ejecuciones de consultas. Actualmente, la configuración CORS permite todos los orígenes, lo que podría resultar en el secuestro de websocket entre sitios y permitir a los atacantes leer/editar/eliminar documentos de datos del usuario. Este problema se solucionó en la versión 3.32.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.

14 Mar 2024, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-14 00:15

Updated : 2024-11-21 09:06

NVD link : CVE-2024-28251

Mitre link : CVE-2024-28251

CVE.ORG link : CVE-2024-28251

JSON object : View

Products Affected

No product.

CWE

CWE-345

Insufficient Verification of Data Authenticity

5.6 /10