Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2023-30625

Published: 16/06/2023 Updated: 31/07/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Rudder-server

Vulnerability Summary

rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server before 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.

Vulnerable Product Search on Vulmon Subscribe to Product

rudderstack rudder-server

Vendor Advisories

Check Point Security Alerts: RudderStack SQL Injection (CVE-2023-30625)
Check Point Reference: CPAI-2023-1354 Date Published: 10 Dec 2023 Severity: High ...

Exploits

Exploit DB: Rudder Server SQL Injection / Remote Code Execution
This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform (CDP) The vulnerability exists in versions of rudder-server prior to 130-rc1 By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may lead to remote code execution due to the rudder role ...

References

CWE-89https://github.com/rudderlabs/rudder-server/commit/0d061ff2d8c16845179d215bf8012afceba12a30https://github.com/rudderlabs/rudder-server/commit/9c009d9775abc99e72fc470f4c4c8e8f1775e82ahttps://github.com/rudderlabs/rudder-server/pull/2652https://github.com/rudderlabs/rudder-server/pull/2663https://github.com/rudderlabs/rudder-server/pull/2664https://securitylab.github.com/advisories/GHSL-2022-097_rudder-server/https://github.com/rudderlabs/rudder-server/commit/2f956b7eb3d5eb2de3e79d7df2c87405af25071ehttp://packetstormsecurity.com/files/173837/Rudder-Server-SQL-Injection-Remote-Code-Execution.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/173837/Rudder-Server-SQL-Injection-Remote-Code-Execution.htmlhttps://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2023-1354.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code executionCVE-2024-34909CVE-2024-3317SSTICVE-2024-3400CVE-2024-30051wirelessCVE-2024-4622CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook