Glances Cassandra Export Module CQL Injection Vulnerability
Vulnerability
A CQL injection vulnerability has been identified in the Cassandra export module of Glances, a cross-platform system monitoring tool. This issue affects versions prior to 4.5.4. The vulnerability arises because the module interpolates keyspace, table, and replication_factor configuration values directly into CQL statements without proper validation. As a result, a user with write access to the glances.conf file can redirect monitoring data to an attacker-controlled Cassandra keyspace.
Impact
Exploitation of this vulnerability allows for unauthorized manipulation of CQL statements, leading to data exfiltration and loss. All monitoring data exported to Cassandra is redirected to the attacker's specified keyspace, overwriting any legitimate data.
Reproduction
To reproduce this vulnerability, first configure the glances.conf file with a malicious table value that includes an attacker-controlled keyspace. After creating the specified keyspace in Cassandra, run Glances with the Cassandra export option. The monitoring data will be inserted into the attacker's table instead of a legitimate one, confirming the exploitation.
Remediation
Users can upgrade to Glances version 4.5.4 or later, where this vulnerability has been fixed.
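
An added example, not Glances' own code and not the fix shipped in 4.5.4: one way to validate the keyspace, table and replication_factor settings before they are placed in a CQL string. The function names, column names, the upper bound of 32 and the sample values are assumptions made for illustration.

```python
import re

# Unquoted CQL identifier: a letter, then letters, digits or underscores.
# Cassandra limits keyspace and table names to 48 characters.
_IDENT = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,47}")


def cql_identifier(value, what):
    """Return value if it is a plain CQL identifier, else raise ValueError."""
    if not isinstance(value, str) or not _IDENT.fullmatch(value):
        raise ValueError(f"invalid {what}: {value!r}")
    return value


def replication_factor(value):
    """Parse replication_factor as a small positive integer (bound is assumed)."""
    text = str(value).strip()
    if not (text.isascii() and text.isdigit()) or not 1 <= int(text) <= 32:
        raise ValueError(f"invalid replication_factor: {value!r}")
    return int(text)


def build_statements(conf):
    """Build the CREATE/INSERT statements from validated settings only."""
    ks = cql_identifier(conf["keyspace"], "keyspace")
    tbl = cql_identifier(conf["table"], "table")
    rf = replication_factor(conf["replication_factor"])
    create_ks = (
        f"CREATE KEYSPACE IF NOT EXISTS {ks} WITH replication = "
        f"{{'class': 'SimpleStrategy', 'replication_factor': {rf}}}"
    )
    # Row values stay as bind markers; only checked identifiers are interpolated.
    insert = f"INSERT INTO {ks}.{tbl} (plugin, time, stat) VALUES (?, ?, ?)"
    return create_ks, insert


# Constructed sample settings: the second table value names another keyspace.
GOOD = {"keyspace": "glances", "table": "localhost", "replication_factor": "2"}
BAD = {"keyspace": "glances", "table": "other_ks.stats", "replication_factor": "2"}

if __name__ == "__main__":
    print(build_statements(GOOD)[1])
    try:
        build_statements(BAD)
    except ValueError as err:
        print("rejected:", err)
```

Because a dot is not a valid identifier character, a table value that carries its own keyspace prefix is rejected before any statement is built.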
