CVE-2023-7333

Description

A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue. Patch name: 3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa. You should upgrade the affected component.

CVSS breakdown

CVSS 4.0

Attack Vector

Local

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

None

Confidentiality (Vulnerable System)

Low

Integrity (Vulnerable System)

Low

Availability (Vulnerable System)

Low

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Changed

Affected products

bluelabsio / records-mover1.5.0 – 1.5.0
bluelabsio / records-mover1.5.1 – 1.5.1
bluelabsio / records-mover1.5.2 – 1.5.2
bluelabsio / records-mover1.5.3 – 1.5.3
bluelabsio / records-mover1.5.4 – 1.5.4
bluelabsio / records-mover1.6.0 – 1.6.0

References

MISChttps://vuldb.com/?id.339566
MISChttps://vuldb.com/?ctiid.339566
PATCHhttps://github.com/bluelabsio/records-mover/pull/254
PATCHhttps://github.com/bluelabsio/records-mover/commit/3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa
PATCHhttps://github.com/bluelabsio/records-mover/releases/tag/v1.6.0
MISChttps://github.com/bluelabsio/records-mover/