CVE-2024-28251 - Vulnerability Details

Link	Providers
https://github.com/pinterest/querybook/pull/1425
https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28251", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-07T14:33:30.036Z", "datePublished": "2024-03-13T23:21:28.115Z", "dateUpdated": "2024-08-02T00:48:49.563Z"}, "containers": {"cna": {"title": "Cross-site websocket hijacking in Querybook", "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "lang": "en", "description": "CWE-345: Insufficient Verification of Data Authenticity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767"}, {"name": "https://github.com/pinterest/querybook/pull/1425", "tags": ["x_refsource_MISC"], "url": "https://github.com/pinterest/querybook/pull/1425"}], "affected": [{"vendor": "pinterest", "product": "querybook", "versions": [{"version": "< 3.32.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-13T23:21:28.115Z"}, "descriptions": [{"lang": "en", "value": "Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of query executions. Currently the CORS setting allows all origins, which could result in cross-site websocket hijacking and allow attackers to read/edit/remove datadocs of the user. This issue has been addressed in version 3.32.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-5349-j4c9-x767", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28251", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-14T15:47:05.342250Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T18:03:05.611Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.563Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767"}, {"name": "https://github.com/pinterest/querybook/pull/1425", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pinterest/querybook/pull/1425"}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28251", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-07T14:33:30.036Z", "datePublished": "2024-03-13T23:21:28.115Z", "dateUpdated": "2024-06-04T18:03:05.611Z"}, "containers": {"cna": {"title": "Cross-site websocket hijacking in Querybook", "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "lang": "en", "description": "CWE-345: Insufficient Verification of Data Authenticity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767"}, {"name": "https://github.com/pinterest/querybook/pull/1425", "tags": ["x_refsource_MISC"], "url": "https://github.com/pinterest/querybook/pull/1425"}], "affected": [{"vendor": "pinterest", "product": "querybook", "versions": [{"version": "< 3.32.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-13T23:21:28.115Z"}, "descriptions": [{"lang": "en", "value": "Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of query executions. Currently the CORS setting allows all origins, which could result in cross-site websocket hijacking and allow attackers to read/edit/remove datadocs of the user. This issue has been addressed in version 3.32.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-5349-j4c9-x767", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28251", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-14T15:47:05.342250Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:17.736Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"descriptions": [{"lang": "en", "value": "Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of query executions. Currently the CORS setting allows all origins, which could result in cross-site websocket hijacking and allow attackers to read/edit/remove datadocs of the user. This issue has been addressed in version 3.32.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Querybook es una interfaz de usuario de consulta de Big Data que combina metadatos de tablas colocadas y una interfaz de cuaderno simple. La funcionalidad de documentos de datos de Querybook funciona mediante un servidor Websocket. El cliente habla con este WSS cada vez que actualiza, elimina o lee cualquier celda, as\u00ed como para observar el estado en vivo de las ejecuciones de consultas. Actualmente, la configuraci\u00f3n CORS permite todos los or\u00edgenes, lo que podr\u00eda resultar en el secuestro de websocket entre sitios y permitir a los atacantes leer/editar/eliminar documentos de datos del usuario. Este problema se solucion\u00f3 en la versi\u00f3n 3.32.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}], "id": "CVE-2024-28251", "lastModified": "2024-11-21T09:06:05.963", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-03-14T00:15:33.630", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/pinterest/querybook/pull/1425"}, {"source": "security-advisories@github.com", "url": "https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/pinterest/querybook/pull/1425"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object