Improper Authentication Affecting surrealdb-core package, versions <1.5.1


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Improper Authentication vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-RUST-SURREALDBCORE-7444615
  • published12 Jul 2024
  • disclosed11 Jul 2024
  • creditUnknown

Introduced: 11 Jul 2024

CVE NOT AVAILABLE CWE-287  (opens in a new tab)

How to fix?

Upgrade surrealdb-core to version 1.5.1 or higher.

Overview

Affected versions of this package are vulnerable to Improper Authentication through the use method or USE clause. An attacker can impersonate another user and perform unauthorized actions by exploiting identical record identifiers across different databases within the same instance. This is only exploitable if multiple databases in the same SurrealDB instance use explicitly defined or incremental record identifiers to identify users on an identically named table.

Workaround

This vulnerability can be mitigated by ensuring that table PERMISSIONS clauses explicitly check that the $scope parameter matches a scope that is uniquely named across databases in the same SurrealDB instance. Ensuring that record identifiers for users are automatically generated or explicitly generated to be unique across databases may also be sufficient to mitigate this issue, as the $auth parameter will not link to any user record and any PERMISSIONS clauses restricting authorization based on the authenticated user should fail to successfully evaluate.

CVSS Scores

version 4.0
version 3.1