CVE-2023-35844

7.5 HIGH

📋 TL;DR

This vulnerability in Lightdash allows attackers to perform directory traversal attacks through insecure file endpoints. Attackers can access arbitrary files on the server by using '..' sequences and bypass file extension restrictions. All Lightdash instances before version 0.510.3 are affected.

💻 Affected Systems

Products:
  • Lightdash
Versions: All versions before 0.510.3
Operating Systems: All operating systems running Lightdash
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the file router endpoints in the backend package, specifically in packages/backend/src/routers

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through arbitrary file read/write, potentially leading to sensitive data exposure, credential theft, or remote code execution.

🟠 Likely Case

Unauthorized access to sensitive files containing configuration data, credentials, or user data stored on the server.

🟢 If Mitigated

Limited impact with proper file system permissions and network segmentation, but still potential for information disclosure.

🌐 Internet-Facing: HIGH - Directory traversal vulnerabilities are easily exploitable and can lead to significant data exposure.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this to access sensitive files, but attack surface is reduced.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Directory traversal attacks are well-understood and typically easy to exploit with basic HTTP requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.510.3

Vendor Advisory: https://github.com/lightdash/lightdash/security/advisories

Restart Required: Yes

Instructions:

1. Update Lightdash to version 0.510.3 or later.
2. Restart the Lightdash service.
3. Verify the fix by checking the version and testing file endpoints.

🔧 Temporary Workarounds

Network Access Restriction (platform: all)

Restrict network access to Lightdash file endpoints using firewall rules or reverse proxy configurations.

File System Permissions Hardening (platform: linux)

Apply strict file system permissions to limit what files Lightdash can access.

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all file path parameters
  • Deploy a web application firewall (WAF) with directory traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Check if Lightdash version is below 0.510.3. Test file endpoints with directory traversal payloads like '../../etc/passwd'.

Check Version:

Check Lightdash web interface settings or run: docker inspect lightdash_lightdash | grep -i version

Verify Fix Applied:

After updating to 0.510.3+, test that directory traversal attempts are properly blocked and return appropriate error responses.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing '..' sequences in file paths
  • Unusual file access patterns from unexpected IP addresses
  • Error logs showing blocked path traversal attempts

Network Indicators:

  • HTTP requests with encoded directory traversal sequences (%2e%2e%2f)
  • Multiple failed attempts to access restricted file paths

SIEM Query:

source="lightdash.logs" AND (http_uri="*..*" OR http_uri="*%2e%2e*")
