CVE-2023-30620

7.5 HIGH

📋 TL;DR

CVE-2023-30620 is a path traversal vulnerability in mindsdb's tarball extraction that allows attackers to write files to arbitrary locations on the server. This affects all users running mindsdb versions before 23.2.1.0 who process remotely retrieved tarballs. The vulnerability enables file overwrites but not file disclosure.

💻 Affected Systems

Products:
  • mindsdb
Versions: All versions before 23.2.1.0
Operating Systems: All platforms running mindsdb
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when processing remotely retrieved tarballs via the affected extraction function.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through overwriting critical system files, configuration files, or creating backdoors, potentially leading to remote code execution.

🟠 Likely Case

Service disruption through overwriting application files, configuration corruption, or denial of service by overwriting critical files.

🟢 If Mitigated

Limited impact if the server runs with minimal permissions, filesystem protections are in place, and only trusted tarballs are processed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the ability to provide a malicious tarball to the mindsdb instance for processing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 23.2.1.0

Vendor Advisory: https://github.com/mindsdb/mindsdb/security/advisories/GHSA-2g5w-29q9-w6hx

Restart Required: Yes

Instructions:

1. Backup your mindsdb configuration and data.
2. Stop the mindsdb service.
3. Upgrade to version 23.2.1.0 or later using your package manager or pip.
4. Restart the mindsdb service.
5. Verify the upgrade was successful.

🔧 Temporary Workarounds

No known workarounds

The vendor advisory states there are no known workarounds for this vulnerability.

🧯 If You Can't Patch

  • Restrict mindsdb service account permissions to minimal required access.
  • Implement strict input validation and only allow tarballs from trusted sources.

🔍 How to Verify

Check if Vulnerable:

Check mindsdb version: if version is less than 23.2.1.0, the system is vulnerable.

Check Version:

mindsdb --version or pip show mindsdb | grep Version

Verify Fix Applied:

Verify mindsdb version is 23.2.1.0 or higher and check that the tarfile.extractall() usage has been replaced with secure extraction methods.
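The kind of secure extraction check referred to above, as an added example that is not mindsdb's own code (Python, since mindsdb is a Python project): every member's destination is resolved and compared against the extraction directory before tarfile.extractall() is allowed to run, and link targets are checked the same way. The sample archive is constructed in memory to exercise the check.

```python
import io
import tarfile
from pathlib import Path


def _is_within(base: Path, target: Path) -> bool:
    """True if `target` normalises to `base` or somewhere beneath it."""
    base, target = base.resolve(), target.resolve()
    return target == base or base in target.parents


def unsafe_members(tar: tarfile.TarFile, dest: str) -> list:
    """Return names of members that would be written outside `dest`.

    Covers '../' components, absolute names, and symlinks/hardlinks whose
    target escapes `dest` (a later member could then write through the link).
    """
    dest_path = Path(dest)
    bad = []
    for m in tar.getmembers():
        where = dest_path / m.name  # where this member would land on disk
        if not _is_within(dest_path, where):
            bad.append(m.name)
            continue
        if m.issym() or m.islnk():
            # symlink targets are relative to the link's own directory,
            # hardlink targets are relative to the archive root
            target = where.parent / m.linkname if m.issym() else dest_path / m.linkname
            if not _is_within(dest_path, target):
                bad.append(m.name)
    return bad


def safe_extractall(tar: tarfile.TarFile, dest: str) -> None:
    """Extract only after every member has been checked; refuse the whole archive otherwise."""
    bad = unsafe_members(tar, dest)
    if bad:
        raise ValueError(f"refusing archive: members escape {dest!r}: {bad}")
    tar.extractall(dest)


def build_sample_tar() -> tarfile.TarFile:
    """Constructed in-memory archive: one benign member and one traversal member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tw:
        for name, payload in (("model/config.json", b"{}"), ("../../escape.txt", b"x")):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tw.addfile(info, io.BytesIO(payload))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")
```

On Python 3.12 and later (and the releases that received the tarfile security backports), tar.extractall(dest, filter="data") performs equivalent checks natively and is the preferred fix.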

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write operations outside expected directories
  • Errors from tar extraction with path traversal attempts
  • Unexpected file modification timestamps in system directories

Network Indicators:

  • Unusual tarball downloads to mindsdb instances
  • Requests to mindsdb with malicious archive payloads

SIEM Query:

source="mindsdb.log" AND ("tarfile.extractall" OR "path traversal" OR "../")
