CVE-2023-30625

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jun 16, 2023

Updated: Jul 31, 2023

CWE ID 89

Summary

CVE-2023-30625 is a vulnerability affecting the rudder-server component of RudderStack, an open-source Customer Data Platform (CDP). Prior to version 1.3.0-rc.1, rudder-server is susceptible to SQL injection, which could potentially result in Remote Code Execution (RCE). This risk exists due to the `rudder` role in PostgreSQL, which comes with superuser permissions by default. Users are urged to upgrade to version 1.3.0-rc.1 to apply the necessary patches and mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

RudderStack

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rqgkjI
https://www.cve.org/CVERecord?id=CVE-2023-30625
https://nvd.nist.gov/vuln/detail/CVE-2023-30625

Back to Vulnerability Database

CVE-2023-30625

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations