CVE-2023-7333
📋 TL;DR
This CVE describes a SQL injection vulnerability in bluelabsio records-mover up to version 1.5.4, specifically in the Table Object Handler component. Attackers with local access can execute arbitrary SQL commands, potentially compromising data integrity and confidentiality. Users of records-mover versions 1.5.4 and earlier are affected.
💻 Affected Systems
- bluelabsio records-mover
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains full database access, allowing data theft, modification, or deletion, and potentially privilege escalation through database operations.
Likely Case
Local user with malicious intent executes SQL commands to read, modify, or delete sensitive data within the application's database scope.
If Mitigated
With proper access controls and network segmentation, impact is limited to the local system's database operations without broader network compromise.
🎯 Exploit Status
Exploitation requires local access to the system running records-mover; no public exploit code has been identified at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.6.0
Vendor Advisory: https://github.com/bluelabsio/records-mover/releases/tag/v1.6.0
Restart Required: Yes
Instructions:
1. Stop any running records-mover processes.
2. Upgrade to version 1.6.0 using pip: 'pip install records-mover==1.6.0'.
3. Restart the application and verify functionality.
🔧 Temporary Workarounds
Restrict Local Access
All platforms: Limit local system access to trusted users only through proper authentication and authorization controls.
Database Input Validation
All platforms: Implement additional input validation and parameterized queries in custom code that interacts with the Table Object Handler.
🧯 If You Can't Patch
- Implement strict access controls to limit which users can execute records-mover commands locally.
- Monitor database logs for unusual SQL queries originating from records-mover processes.
🔍 How to Verify
Check if Vulnerable:
Run 'pip show records-mover' and check whether the installed version is 1.5.4 or earlier.
Check Version:
pip show records-mover | grep Version
Verify Fix Applied:
After upgrading, run 'pip show records-mover' to confirm version 1.6.0 is installed and test application functionality.
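The version check above can also be run over saved 'pip freeze' output or a requirements file, which helps when several environments need auditing. The following is an added example, not part of the original advisory or the records-mover project; the function names, the sample input and the extras name in it are constructed for illustration.

```python
import re

FIXED = (1, 6, 0)  # first patched release according to this page

# Matches an exact pin such as "records-mover==1.5.4" or "records_mover[extra]==1.5.4".
# Any suffix after the numeric release (for example "rc1") is ignored.
PIN_RE = re.compile(
    r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*==\s*([0-9]+(?:\.[0-9]+)*)"
)


def normalize(name):
    """PEP 503 normalization: case-insensitive, runs of '-', '_' and '.' are equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_release(version):
    """Turn '1.5' into (1, 5, 0) so releases compare numerically, not as strings."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def find_vulnerable_pins(lines):
    """Return (line_number, version) for every records-mover pin below FIXED."""
    hits = []
    for number, line in enumerate(lines, start=1):
        line = line.split("#", 1)[0]  # drop trailing comments
        match = PIN_RE.match(line)
        if not match or normalize(match.group(1)) != "records-mover":
            continue
        if parse_release(match.group(2)) < FIXED:
            hits.append((number, match.group(2)))
    return hits


# Constructed sample input resembling `pip freeze` output ("extra" is a made-up extras name).
SAMPLE = """\
boto3==1.26.0
Records_Mover==1.5.4
records-mover==1.6.0   # patched
records-mover[extra]==1.10.2
records.mover==1.3
""".splitlines()

if __name__ == "__main__":
    for number, version in find_vulnerable_pins(SAMPLE):
        print(f"line {number}: records-mover {version} is below 1.6.0")
```

Only exact '==' pins are evaluated; range specifiers such as '>=1.5' need to be resolved against the installed environment instead.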
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs from records-mover processes
- Multiple failed SQL syntax attempts from application
Network Indicators:
- N/A - Local vulnerability only
SIEM Query:
Search for database error logs containing SQL syntax errors from records-mover process IDs or unusual query patterns.
🔗 References
- https://github.com/bluelabsio/records-mover/
- https://github.com/bluelabsio/records-mover/commit/3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa
- https://github.com/bluelabsio/records-mover/pull/254
- https://github.com/bluelabsio/records-mover/releases/tag/v1.6.0
- https://vuldb.com/?ctiid.339566
- https://vuldb.com/?id.339566