SurrealDB, Authorization Bypass, CVE-2024-XXXX (Critical)

Listen to this Post

The vulnerability in SurrealDB’s LIVE SELECT statements stems from an incorrect security context application during the generation of real-time change notifications. When a user with a restricted permission set subscribes to a live query on a table, the system fails to properly re-apply that user’s security predicates to documents involved in DELETE operations or those matching the WHERE clause of the subscription during an update by a privileged user. Instead, the notification payload is constructed using the full document from the triggering user’s context, which has higher privileges. This flaw allows a low-privilege subscriber to receive full, unauthorized document data whenever another user modifies or deletes a record, effectively bypassing row-level security controls and leaking sensitive information.
Platform: SurrealDB
Version: <2.1.9, <2.2.8, <2.3.8, <3.0.0-alpha.8
Vulnerability: Authorization Bypass
Severity: Critical

date: 2024

Prediction: 2024-04-15

What Undercode Say:

`LIVE SELECT FROM table WHERE condition;`

`DEFINE TABLE user PERMISSIONS FOR select WHERE user = $auth;`

`– Subject: [CVE-2024-XXXX] SurrealDB Security Advisory`

How Exploit:

Subscribe to live query on a shared table. Monitor for notifications triggered by admin actions. Capture unauthorized data payloads from real-time updates and deletes.

Protection from this CVE:

Upgrade to patched versions: 2.1.9, 2.2.8, 2.3.8, or later. Isolate sensitive data into separate tables with strict access controls. Audit and minimize live query permissions.

Impact:

Confidentiality breach. Unauthorized data disclosure from table. Information leak dependent on other users’ actions. Bypasses access controls.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top