CVE-2023-30625
unknown
CVSS v3: not available
CVSS v4: not available
VIR risk: 1.0
Description
rudder-server (Go module github.com/rudderlabs/rudder-server) is vulnerable to SQL injection.
Predictions
Exploit likelihood: 30%
Patch ETA: not available
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code, where listed, is provided AS-IS for defenders and authorised testing only.
Metasploit modules
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/rudderlabs/rudder-server | <1.3.0-rc.1 | 1.3.0-rc.1 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-30625
- https://github.com/rudderlabs/rudder-server/pull/2652
- https://github.com/rudderlabs/rudder-server/pull/2663
- https://github.com/rudderlabs/rudder-server/pull/2664
- https://github.com/rudderlabs/rudder-server/commit/0d061ff2d8c16845179d215bf8012afceba12a30
- https://github.com/rudderlabs/rudder-server/commit/2f956b7eb3d5eb2de3e79d7df2c87405af25071e
- https://github.com/rudderlabs/rudder-server/commit/9c009d9775abc99e72fc470f4c4c8e8f1775e82a
- https://github.com/rudderlabs/rudder-server
- https://securitylab.github.com/advisories
- https://securitylab.github.com/advisories/GHSL-2022-097_rudder-server
- http://packetstormsecurity.com/files/173837/Rudder-Server-SQL-Injection-Remote-Code-Execution.html
- https://github.com/advisories/GHSA-3jmm-f6jj-rcc3