Anyquery Unauthenticated HTTP API Access Vulnerability Allowing Data Exposure

Vulnerability

A vulnerability in Anyquery versions through 0.4.3 allows unauthenticated access to the HTTP server that the tool starts on localhost. Because the server performs no authentication, an attacker with low privileges who can reach it can read private integration data, such as emails, and no notification of a foreign login is raised. The root cause is the absence of authentication on the HTTP server bound to localhost; exposure widens further when the server is hosted on 0.0.0.0, depending on firewall configuration.

Impact

Exploitation of this vulnerability could give an attacker unauthorized access to sensitive integration data, including emails; the risk is higher if that data is also stored in local tables.

Reproduction

To reproduce this vulnerability, install the IMAP integration and configure it with a Gmail account. Then run Anyquery with the 'gpt' command, specifying '127.0.0.1' as the host and '8080' as the port. Finally, send a POST request to the '/execute-query' endpoint containing a SELECT query, for example one targeting the 'imap_emails' table; the server answers without requiring any credentials.

Remediation

Users can update to Anyquery version 0.4.4 or later, where this vulnerability has been patched.
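The advisory's point is that the HTTP server is unauthenticated, so the only defensive questions are whether the process is running, where it is bound, and whether the installed version is still at or below 0.4.3. The following script is an added example, not code from the advisory or from the Anyquery project: it parses the output of `ss -ltnp` and flags any listener owned by an `anyquery` process that is bound to a non-loopback address (0.0.0.0 or ::), which is the configuration the advisory calls out as the widest exposure. The sample `ss` output is constructed for the example, and the process name `anyquery` and port 8080 are taken from the advisory's reproduction steps; the real binary name on a given host is an assumption. Note that a loopback-only bind is still unauthenticated for every local user, so this check narrows the network exposure but is no substitute for updating to 0.4.4 or later.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample of `ss -ltnp` output; not captured from a real host.
# Three hypothetical anyquery listeners (loopback, all-IPv4, all-IPv6)
# plus an unrelated service, so the filter has something to ignore.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       4096    127.0.0.1:8080       0.0.0.0:*          users:(("anyquery",pid=4242,fd=7))
LISTEN  0       4096    0.0.0.0:8080         0.0.0.0:*          users:(("anyquery",pid=4243,fd=7))
LISTEN  0       4096    [::]:8080            [::]:*             users:(("anyquery",pid=4244,fd=7))
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=900,fd=6))
"""


@dataclass
class Listener:
    process: str
    address: str
    port: int

    def is_loopback(self) -> bool:
        # 127.0.0.0/8 and ::1 are loopback; 0.0.0.0 and :: are unspecified,
        # i.e. the socket accepts connections on every interface.
        return ipaddress.ip_address(self.address).is_loopback


# Matches one LISTEN line of `ss -ltnp`; the process name comes from the
# users:(("name",pid=...,fd=...)) column.
_LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)"'
)


def parse_listeners(ss_output: str) -> list[Listener]:
    """Parse LISTEN rows from `ss -ltnp` text into Listener records."""
    listeners: list[Listener] = []
    for line in ss_output.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue  # header line or a row without a process column
        addr = m.group("addr").strip("[]")  # ss prints IPv6 as [::] / [::1]
        if addr == "*":
            addr = "0.0.0.0"  # older ss prints a bare * for INADDR_ANY
        listeners.append(Listener(m.group("proc"), addr, int(m.group("port"))))
    return listeners


def exposed_anyquery_listeners(ss_output: str, process_name: str = "anyquery") -> list[Listener]:
    """Return listeners owned by the given process that are reachable from off-host.

    The process name defaults to "anyquery" (an assumption about the binary name).
    """
    return [
        l for l in parse_listeners(ss_output)
        if l.process == process_name and not l.is_loopback()
    ]


if __name__ == "__main__":
    # Run against the constructed sample; on a live host, replace SAMPLE_SS_OUTPUT
    # with the text of `ss -ltnp` (e.g. via subprocess.run).
    for l in exposed_anyquery_listeners(SAMPLE_SS_OUTPUT):
        print(f"EXPOSED: {l.process} listening on {l.address}:{l.port} (no authentication)")
```

Feeding the script the live `ss -ltnp` output turns it into a quick audit for the 0.0.0.0 case the advisory mentions; an empty result means the server is at most reachable by local users, which still warrants the version update.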

Added: Oct 3, 2025, 10:19 PM
Updated: Oct 3, 2025, 10:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 7.7
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.