Improper Authentication Affecting surrealdb package, versions <1.5.4, >=2.0.0-alpha.1 <2.0.0-alpha.6


Severity

high

CVSS assessment made by Snyk's Security Team.


  • Snyk ID: SNYK-RUST-SURREALDB-7444614
  • published: 12 Jul 2024
  • disclosed: 11 Jul 2024
  • credit: Unknown

Introduced: 11 Jul 2024

CVE: not available. CWE-287 (Improper Authentication)
First added by Snyk

How to fix?

Upgrade surrealdb to version 1.5.4 or higher (1.x releases), or to 2.0.0-alpha.6 or higher (2.0 pre-releases).

Overview

Affected versions of this package are vulnerable to Improper Authentication through the use method or the USE clause. A session that authenticated against one database can switch to another database in the same SurrealDB instance, and the authenticated user (the $auth parameter) continues to be identified only by its record identifier. If the same identifier refers to a different user record in the other database, an attacker can impersonate that user and perform unauthorized actions. This is only exploitable if multiple databases in the same SurrealDB instance use explicitly defined or incremental record identifiers to identify users on an identically named table.

Workaround

This vulnerability can be mitigated by ensuring that table PERMISSIONS clauses explicitly check that the $scope parameter matches a scope whose name is unique across all databases in the same SurrealDB instance; a session authenticated through a scope in one database then fails the check in every other database. Ensuring that record identifiers for users are automatically generated, or explicitly generated to be unique across databases, may also be sufficient to mitigate this issue: after a switch to another database the $auth parameter will not resolve to any user record there, so any PERMISSIONS clause that restricts authorization based on the authenticated user should fail to evaluate successfully.
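The following SurrealQL (1.x syntax, which still uses DEFINE SCOPE and the $scope parameter) is an added illustration of both mitigations above, not code from the advisory or from the SurrealDB project. The namespace `acme`, the databases `alpha` and `beta`, the scope names, the `note` table and its `owner` field, and the example user data are all assumed for illustration. The first half shows the pattern the advisory describes as exploitable; the second half shows the hardened definitions.

```sql
-- SurrealQL, 1.x syntax. All names below are assumed for illustration.

-- ---------------------------------------------------------------
-- 1. Pattern the advisory describes as exploitable:
--    identically named scope and user table in two databases,
--    explicit user record ids, and PERMISSIONS that trust $auth alone.
-- ---------------------------------------------------------------
USE NS acme DB alpha;

DEFINE SCOPE users SESSION 24h
  SIGNIN ( SELECT * FROM user WHERE email = $email AND crypto::argon2::compare(pass, $pass) );

-- Explicit record id. The same id `user:1` also exists in DB beta for a different person.
CREATE user:1 SET email = "alice@example.com", pass = crypto::argon2::generate("alice-pass");

DEFINE TABLE note SCHEMAFULL
  PERMISSIONS FOR select, update, delete WHERE owner = $auth.id;

USE NS acme DB beta;

DEFINE SCOPE users SESSION 24h  -- same scope name as in alpha
  SIGNIN ( SELECT * FROM user WHERE email = $email AND crypto::argon2::compare(pass, $pass) );

CREATE user:1 SET email = "bob@example.com", pass = crypto::argon2::generate("bob-pass");

DEFINE TABLE note SCHEMAFULL
  PERMISSIONS FOR select, update, delete WHERE owner = $auth.id;

-- A session authenticated as alpha's user:1 that runs `USE DB beta`
-- still carries $auth = user:1. Beta's clause `owner = $auth.id`
-- resolves that id to bob's record, so alice's session passes as bob.

-- ---------------------------------------------------------------
-- 2. Hardened pattern:
--    (a) scope names unique across the instance and checked in PERMISSIONS,
--    (b) user record ids generated rather than explicit or incremental.
-- ---------------------------------------------------------------
USE NS acme DB alpha;

DEFINE SCOPE alpha_users SESSION 24h
  SIGNIN ( SELECT * FROM user WHERE email = $email AND crypto::argon2::compare(pass, $pass) );

-- No explicit id: SurrealDB assigns a random record id.
CREATE user SET email = "alice@example.com", pass = crypto::argon2::generate("alice-pass");

DEFINE TABLE note SCHEMAFULL
  PERMISSIONS FOR select, update, delete
    WHERE $scope = "alpha_users" AND owner = $auth.id;

USE NS acme DB beta;

DEFINE SCOPE beta_users SESSION 24h
  SIGNIN ( SELECT * FROM user WHERE email = $email AND crypto::argon2::compare(pass, $pass) );

CREATE user SET email = "bob@example.com", pass = crypto::argon2::generate("bob-pass");

DEFINE TABLE note SCHEMAFULL
  PERMISSIONS FOR select, update, delete
    WHERE $scope = "beta_users" AND owner = $auth.id;

-- A session authenticated through alpha_users that switches to beta now
-- fails `$scope = "beta_users"`, and its random $auth id does not
-- resolve to any record in beta's user table, so both checks deny.
```

Either half of the hardened pattern is what the advisory calls sufficient on its own; using both means a reused scope name in a future database does not silently reopen the issue. On affected versions this is a workaround, not a substitute for upgrading to 1.5.4 or 2.0.0-alpha.6.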
