Dataease SQLBot Privilege Vulnerability in API Access Control
Vulnerability
A vulnerability exists in Dataease SQLBot versions prior to 1.4.0, in the API endpoint implemented in assistant.py. The endpoint enforces improper access controls: a request is authenticated but the caller's permissions are not checked, so authenticated users can perform actions their role does not permit. The issue can be exploited remotely, and a public exploit is available. The vulnerability has been addressed in version 1.5.0.
Impact
Exploitation of this vulnerability allows authenticated users to bypass access controls and perform unauthorized actions, such as modifying or deleting resources.
Reproduction
To reproduce this vulnerability, log into the SQLBot application as a low-privileged user. Once logged in, obtain a valid 'x-sqlbot-token'. This token authenticates requests to API endpoints that lack a proper authorization check, so the endpoints accept it regardless of the user's privileges. For example, the 'POST /api/v1/datasource/check' endpoint accepts the token without an authorization check, allowing unauthorized actions such as checking datasource connections or modifying datasource configurations.
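As an added example (not code from the SQLBot project), the authentication-only pattern this advisory describes beside a hardened handler that also authorizes the caller for the specific datasource; the token values, roles and ownership model are constructed for illustration.

```python
# Added example, not SQLBot's code: models the flaw class above, a route that
# authenticates an x-sqlbot-token but never authorizes the action, next to a
# hardened handler. Tokens, roles and the owner model are constructed.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class User:
    name: str
    role: str  # "admin" or "user"


# Constructed session store: header value -> user (looked up server-side).
SESSIONS = {
    "tok-admin-0001": User("alice", "admin"),
    "tok-user-0002": User("bob", "user"),
}

# Constructed datasource registry: datasource id -> owner name.
DATASOURCES = {1: "alice", 2: "bob"}


def authenticate(headers: dict) -> Optional[User]:
    """Authentication only: map the x-sqlbot-token header to a session user."""
    return SESSIONS.get(headers.get("x-sqlbot-token", ""))


def check_datasource_vulnerable(headers: dict, body: dict) -> int:
    """Vulnerable pattern: any valid session may act on any datasource."""
    user = authenticate(headers)
    if user is None:
        return 401
    if body.get("id") not in DATASOURCES:
        return 404
    return 200  # connection check / config change proceeds for every user


def authorize(user: User, ds_id: int) -> bool:
    """Authorization: only admins or the datasource owner may act on it."""
    return user.role == "admin" or DATASOURCES.get(ds_id) == user.name


def check_datasource_fixed(headers: dict, body: dict) -> int:
    """Hardened pattern: authenticate, then authorize for the specific resource."""
    user = authenticate(headers)
    if user is None:
        return 401
    ds_id = body.get("id")
    if ds_id not in DATASOURCES:
        return 404
    if not authorize(user, ds_id):
        return 403  # low-privileged user reaching for another user's datasource
    return 200
```

The defensive point is that a valid token answers "who is calling", while the 403 branch answers "may this caller do this to this resource"; the advisory's endpoint stopped after the first question.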
Remediation
Upgrade to Dataease SQLBot version 1.5.0, which includes the necessary access control fixes.
