First published: Mon Dec 11 2023
### Impact

The `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled `name` value. That value is used in a temporary file name, which is then opened for writing on lines 122-125, leading to path injection. This issue may lead to arbitrary file write: the vulnerability allows writing files anywhere on the server that the filesystem permissions of the running server allow.

### Patches

Use the mindsdb staging branch or v23.11.4.1.

### References

* GHSL-2023-184
* See [CodeQL path injection prevention guidelines](https://codeql.github.com/codeql-query-help/python/py-path-injection/) and [OWASP guidelines](https://owasp.org/www-community/attacks/Path_Traversal).
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
pip/mindsdb | <23.11.4.1 | 23.11.4.1 |
Mindsdb Mindsdb | =23.7.4.1 | |
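The Impact section describes a client-supplied `name` being placed into a temporary file path without validation. The sketch below is an added example, not MindsDB's code or its patch: it shows that pattern next to a hardened variant that rejects path components and re-checks containment after resolution. The function names and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def is_inside(base: str, path: Path) -> bool:
    """True when `path`, fully resolved, is located under `base`."""
    root = str(Path(base).resolve())
    return os.path.commonpath([root, str(Path(path).resolve())]) == root


def naive_upload_path(tmp_dir: str, name: str) -> Path:
    """Pattern the advisory describes: the client-supplied name is joined
    to the temporary directory with no validation."""
    return Path(os.path.join(tmp_dir, name))


def safe_upload_path(tmp_dir: str, name: str) -> Path:
    """Return a write path for `name` that stays inside `tmp_dir`,
    or raise ValueError."""
    if not name or name in (".", "..") or "\x00" in name:
        raise ValueError("invalid file name")
    if "/" in name or "\\" in name:
        raise ValueError("file name must not contain path components")
    candidate = Path(tmp_dir) / name
    # Defense in depth: re-check containment after symlinks are resolved.
    if not is_inside(tmp_dir, candidate):
        raise ValueError("resolved path escapes the upload directory")
    return candidate.resolve()


def demo() -> dict:
    """Map each constructed name to (naive path stays inside, safe verdict)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp_dir:
        for name in ("report.csv", "../../escaped.txt", "/abs/escaped.txt"):
            naive_ok = is_inside(tmp_dir, naive_upload_path(tmp_dir, name))
            try:
                safe_upload_path(tmp_dir, name)
                verdict = "accepted"
            except ValueError:
                verdict = "rejected"
            results[name] = (naive_ok, verdict)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r}: naive inside={outcome[0]}, safe={outcome[1]}")
```

The absolute-path case is the one most often missed: `os.path.join` discards the base directory entirely when the second argument is absolute, so a prefix check on the unjoined name is not enough.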