CVE-2023-46575

9.8 CRITICAL

📋 TL;DR

A SQL injection vulnerability in Meshery allows remote attackers to execute arbitrary SQL commands through the 'order' parameter, potentially leading to data theft and remote code execution. This affects all Meshery deployments running versions prior to v0.6.179.

💻 Affected Systems

Products:
  • Meshery
Versions: All versions prior to v0.6.179
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with the vulnerable endpoint accessible are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the Meshery database, exfiltration of sensitive configuration data, and remote code execution on the underlying server.

🟠

Likely Case

Unauthorized access to sensitive Meshery configuration data, performance metrics, and service mesh management information.

🟢

If Mitigated

Limited impact with proper input validation and database permissions, potentially only error messages or partial data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection through the 'order' parameter is typically straightforward to exploit with common SQL injection techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.6.179

Vendor Advisory: https://github.com/meshery/meshery/commit/ffe00967acfe4444a5db08ff3a4cafb9adf6013f

Restart Required: Yes

Instructions:

1. Stop the Meshery service.
2. Update to Meshery v0.6.179 or later.
3. Restart the Meshery service.
4. Verify the fix by checking the version and testing the vulnerable endpoint.

🔧 Temporary Workarounds

Input Validation Filter

all

Add input validation to sanitize the 'order' parameter before processing

Not applicable - requires code modification

Web Application Firewall

all

Deploy WAF with SQL injection protection rules

Depends on specific WAF solution
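The "Input Validation Filter" workaround above is only described in one sentence. The following is an added example (not Meshery's own code, and not taken from the fix commit) of the pattern it refers to: the user-supplied 'order' value is never concatenated into SQL; it is parsed, checked against an allowlist of sortable columns and a fixed set of directions, and only the reconstructed fragment reaches the query. The column names, the `results` table and the `buildQuery*` helpers are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Hypothetical allowlist of columns an API client may sort by. The real
// Meshery schema is not on this page, so these names are assumptions.
var sortableColumns = map[string]bool{
	"name":       true,
	"created_at": true,
	"updated_at": true,
}

var ErrInvalidOrder = errors.New("invalid order parameter")

// ParseOrder accepts "<column>" or "<column> <asc|desc>", validates both
// tokens against fixed sets, and returns an ORDER BY fragment assembled
// only from those known-safe tokens. Anything else is rejected outright.
func ParseOrder(raw string) (string, error) {
	raw = strings.TrimSpace(raw)
	if raw == "" {
		return "created_at DESC", nil // assumed default ordering
	}
	parts := strings.Fields(raw)
	if len(parts) > 2 {
		return "", ErrInvalidOrder
	}
	col := strings.ToLower(parts[0])
	if !sortableColumns[col] {
		return "", ErrInvalidOrder
	}
	dir := "ASC"
	if len(parts) == 2 {
		switch strings.ToUpper(parts[1]) {
		case "ASC":
			dir = "ASC"
		case "DESC":
			dir = "DESC"
		default:
			return "", ErrInvalidOrder
		}
	}
	return col + " " + dir, nil
}

// buildQueryVulnerable is the defect pattern: the raw parameter is pasted
// into the statement, so whatever the client sends becomes SQL.
func buildQueryVulnerable(order string) string {
	return "SELECT id, name FROM results ORDER BY " + order
}

// buildQuerySafe embeds only the validated fragment from ParseOrder.
func buildQuerySafe(order string) (string, error) {
	frag, err := ParseOrder(order)
	if err != nil {
		return "", err
	}
	return "SELECT id, name FROM results ORDER BY " + frag, nil
}

func main() {
	// Constructed inputs: two legitimate values and two that must be refused.
	for _, in := range []string{"name", "updated_at desc", "name; SELECT 1", "(SELECT 1)"} {
		fmt.Printf("raw:  %s\n", buildQueryVulnerable(in))
		q, err := buildQuerySafe(in)
		fmt.Printf("safe: %q err=%v\n\n", q, err)
	}
}
```

Bound parameters do not help for ORDER BY, since identifiers cannot be bound, which is why an allowlist rather than escaping is the right control here; the same approach applies to any other parameter that selects a column or table name.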

🧯 If You Can't Patch

  • Restrict network access to Meshery endpoints to trusted IPs only
  • Run Meshery with a database user that has only the minimal permissions it needs

🔍 How to Verify

Check if Vulnerable:

Check if Meshery version is below v0.6.179 and test the 'order' parameter with SQL injection payloads

Check Version:

mesheryctl version

Verify Fix Applied:

Confirm version is v0.6.179 or later and test that SQL injection attempts are properly rejected

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Error messages containing SQL syntax
  • Multiple failed authentication attempts

Network Indicators:

  • Unusual patterns in HTTP requests to Meshery endpoints
  • SQL keywords in URL parameters

SIEM Query:

source="meshery" AND ("order" AND ("UNION" OR "SELECT" OR "INSERT" OR "DELETE" OR "--" OR "'"))
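The SIEM query above matches on raw keywords anywhere in the event. As an added example (not part of this advisory and not a Meshery component), the following Go program applies the same rule to the decoded value of the 'order' parameter in constructed access-log lines, so percent-encoded payloads are caught and ordinary values such as `created_at desc` are not flagged. The log format, the client addresses and the `/api/example` path are constructed placeholders; the page does not name the vulnerable endpoint.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// SampleLog is a constructed access log, not real Meshery output.
// Format: timestamp client method path status
const SampleLog = `2024-01-01T10:00:00Z 10.0.0.5 GET /api/example?order=name%20asc 200
2024-01-01T10:00:01Z 10.0.0.5 GET /api/example?order=created_at%20desc 200
2024-01-01T10:00:02Z 198.51.100.7 GET /api/example?order=name%20UNION%20SELECT%201 500
2024-01-01T10:00:03Z 198.51.100.7 GET /api/example?order=name'%20-- 500
2024-01-01T10:00:04Z 10.0.0.9 GET /api/example?page=2 200`

// sqlPattern mirrors the SIEM rule: SQL keywords, comment markers, a quote
// or a statement separator inside the decoded parameter value.
var sqlPattern = regexp.MustCompile(`(?i)\b(union|select|insert|delete|update|drop)\b|--|'|;`)

// Hit records a flagged line together with the decoded parameter value.
type Hit struct {
	Line  string
	Value string
}

// ScanLog returns every line whose decoded 'order' parameter matches sqlPattern.
// Decoding before matching is the point: "%20UNION" does not contain the
// literal keyword, but the value the server sees does.
func ScanLog(log string) []Hit {
	var hits []Hit
	for _, line := range strings.Split(log, "\n") {
		f := strings.Fields(line)
		if len(f) < 4 {
			continue
		}
		u, err := url.Parse(f[3])
		if err != nil {
			continue
		}
		v := u.Query().Get("order") // Query() percent-decodes the value
		if v == "" {
			continue
		}
		if sqlPattern.MatchString(v) {
			hits = append(hits, Hit{Line: line, Value: v})
		}
	}
	return hits
}

func main() {
	for _, h := range ScanLog(SampleLog) {
		fmt.Printf("flagged order=%q\n  %s\n", h.Value, h.Line)
	}
}
```

Pair the request-side rule with the database-side indicators listed above: a flagged request followed by a SQL syntax error in the database log for the same timestamp is a much stronger signal than either alone.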

🔗 References
