SurrealDB
- <= 1.5.3
- <= 2.0.0-alpha.5
- <= 1.5.0
- <= 1.5.1
A vulnerability exists in SurrealDB versions prior to 1.5.4 and 2.0.0-alpha.6, where the database authentication process is not properly validated when a scope user switches databases using the 'USE' clause or method. This flaw allows attackers with an authenticated session to impersonate an unrelated user in a different database, provided a user record with the same identifier exists. Such impersonation could enable unauthorized actions if the user's permissions are solely based on the $auth parameter.
Exploitation of this vulnerability could lead to unauthorized actions being performed under the identity of an unrelated user in a different database, potentially allowing access to sensitive data or functionalities, depending on the permissions assigned to the impersonated user.
Users can update to SurrealDB version 1.5.4 or 2.0.0-alpha.6 or later, where this vulnerability has been patched. For those unable to update, it is recommended to ensure that table 'PERMISSIONS' clauses explicitly check that the $scope parameter matches a scope that is uniquely named across databases in the same SurrealDB instance. Additionally, using record identifiers that are automatically generated or explicitly defined to be unique across databases can help mitigate this issue.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.