Vulnerability identifier: #VU92935

Vulnerability risk: Medium

CVSSv3.1: 4.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2024-34693

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Apache Superset
Web applications / Other software

Vendor: Apache Foundation

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user can create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Apache Superset: 4.0.0, 3.0.0 - 3.1.2

---

External links
http://lists.apache.org/thread/6zhq3hhkfsj4753mvczjgg8dmnc4zqcr

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.