CVE-2023-41891

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 30, 2023

Updated: Nov 7, 2023

CWE ID 89

Summary

CVE-2023-41891 is a SQL vulnerability affecting FlyteAdmin, the control plane for Flyte used for managing entities and administering workflow executions. Malicious users with access to the FlyteAdmin installation, often behind a VPN or through authentication, can exploit this vulnerability by sending custom SQL statements as list filters through REST requests. The flaw, present before version 1.1.124, can potentially expose sensitive data. Version 1.1.124 includes a patch to address this issue and mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Flyte

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sj2yBe
https://www.cve.org/CVERecord?id=CVE-2023-41891
https://nvd.nist.gov/vuln/detail/CVE-2023-41891

Back to Vulnerability Database

CVE-2023-41891

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations