What is CVE-2023-37924?

CVE-2023-37924 is a vulnerability in Apache Submarine that allows SQL injection from unauthorized login, potentially resulting in unauthorized access.

What is the severity of CVE-2023-37924?

The severity of CVE-2023-37924 is not specified in the provided information. It is always recommended to promptly apply the fix to mitigate any potential risk.

How does CVE-2023-37924 impact Apache Submarine?

CVE-2023-37924 can allow unauthorized login through SQL injection, which can result in unauthorized access to Apache Submarine.

How can I fix CVE-2023-37924?

To fix CVE-2023-37924, upgrade your Apache Submarine version to 0.8.0 or later, as this vulnerability has been fixed in the 0.8.0 release.

Where can I find more information about CVE-2023-37924?

You can find more information about CVE-2023-37924 in the following references: [link1](https://issues.apache.org/jira/browse/SUBMARINE-1361), [link2](https://github.com/apache/submarine/pull/1037), [link3](https://lists.apache.org/thread/g99h773vd49n1wyghdq1llv2f83w1b3r)

Vulnerability/
CVE-2023-37924

critical

9.8

CWE

22/11/2023

2/8/2024

CVE-2023-37924: Apache Submarine: SQL injection from unauthorized login

First published: Wed Nov 22 2023(Updated: )

Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0.7.0 before 0.8.0. We recommend that all submarine users with 0.7.0 upgrade to 0.8.0, which not only fixes the issue, supports the oidc authentication mode, but also removes the case of unauthenticated logins. If using the version lower than 0.8.0 and not want to upgrade, you can try cherry-pick PR https://github.com/apache/submarine/pull/1037 https://github.com/apache/submarine/pull/1054 and rebuild the submarine-server image to fix this.

Credit: security@apache.org security@apache.org

Affected Software	Affected Version	How to fix
pip/apache-submarine	>=0.7.0<0.8.0	0.8.0
Apache Submarine	>=0.7.0<0.8.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-37924?
CVE-2023-37924 is a vulnerability in Apache Submarine that allows SQL injection from unauthorized login, potentially resulting in unauthorized access.
What is the severity of CVE-2023-37924?
The severity of CVE-2023-37924 is not specified in the provided information. It is always recommended to promptly apply the fix to mitigate any potential risk.
How does CVE-2023-37924 impact Apache Submarine?
CVE-2023-37924 can allow unauthorized login through SQL injection, which can result in unauthorized access to Apache Submarine.
How can I fix CVE-2023-37924?
To fix CVE-2023-37924, upgrade your Apache Submarine version to 0.8.0 or later, as this vulnerability has been fixed in the 0.8.0 release.
Where can I find more information about CVE-2023-37924?
You can find more information about CVE-2023-37924 in the following references: [link1](https://issues.apache.org/jira/browse/SUBMARINE-1361), [link2](https://github.com/apache/submarine/pull/1037), [link3](https://lists.apache.org/thread/g99h773vd49n1wyghdq1llv2f83w1b3r)

collector/oss-sec
alias/CVE-2023-37924
collector/nvd-api
collector/github-advisory-latest
alias/GHSA-v5gj-fx3g-hcpw
collector/nvd-cve
collector/github-advisory
agent/type
agent/author
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/severity
agent/references
agent/title
agent/weakness
agent/description
agent/tags
agent/event
collector/mitre-cve
source/MITRE
vendor/apache
canonical/apache submarine
version/apache submarine/0.7.0
package-manager/pip