CVE-2024-34693

6.8 MEDIUM

📋 TL;DR

This vulnerability allows authenticated attackers in Apache Superset to create MariaDB connections with local_infile enabled, potentially reading arbitrary files from the web server if both MariaDB server and client configurations permit it. It affects Apache Superset versions before 3.1.3 and version 4.0.0. Attackers could exfiltrate sensitive server files through database operations.

💻 Affected Systems

Products:
  • Apache Superset
Versions: Before 3.1.3, and version 4.0.0
Operating Systems: All operating systems running Apache Superset
Default Config Vulnerable: ✅ No
Notes: Requires both MariaDB server local_infile enabled (off by default) and client configuration allowing local infile. Authenticated attacker access is required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker reads sensitive files (config files, credentials, private keys) from the web server and exfiltrates them via database insertion, potentially leading to full system compromise.

🟠 Likely Case

Authenticated attacker with database connection privileges reads accessible files from the web server, potentially exposing configuration data or other sensitive information.

🟢 If Mitigated

With proper input validation and secure configurations, file read attempts are blocked and logged.

🌐 Internet-Facing: MEDIUM - Requires authenticated access and specific MariaDB configurations, but internet-facing Superset instances are attractive targets.
🏢 Internal Only: MEDIUM - Internal attackers with valid credentials could exploit this to read sensitive files from the Superset server.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access to Superset, ability to create MariaDB connections, and specific database configurations. The vulnerability details are publicly disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.1 or 3.1.3

Vendor Advisory: https://lists.apache.org/thread/1803x1s34m7r71h1k0q1njol8k6fmyon

Restart Required: Yes

Instructions:

1. Back up your Superset instance and database.
2. Upgrade to Apache Superset 4.0.1 or 3.1.3 using pip: 'pip install apache-superset==4.0.1' or 'pip install apache-superset==3.1.3'.
3. Run 'superset db upgrade'.
4. Restart the Superset service.

🔧 Temporary Workarounds

Disable local_infile on MariaDB servers

all

Configure MariaDB servers to disable local_infile functionality

Add 'local-infile=0' to MariaDB server configuration file (my.cnf or my.ini) under [mysqld] section

Restrict database connection privileges

all

Limit which users can create MariaDB connections in Superset

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Superset instances from sensitive file systems
  • Enable detailed logging of database connection attempts and file access patterns for monitoring

🔍 How to Verify

Check if Vulnerable:

Check the Superset version with 'superset version' or by examining the installed package version. If the version is earlier than 3.1.3 or is exactly 4.0.0, you are vulnerable.

Check Version:

superset version

Verify Fix Applied:

After upgrade, verify version is 3.1.3 or 4.0.1 or higher using 'superset version' command.

📡 Detection & Monitoring

Log Indicators:

  • Unusual MariaDB connection attempts with local_infile parameter
  • SQL queries containing LOAD DATA LOCAL INFILE commands from Superset users
  • Multiple file read attempts via database operations

Network Indicators:

  • Unexpected outbound connections from Superset server to MariaDB with file transfer patterns

SIEM Query:

source="superset.logs" AND ("local_infile" OR "LOAD DATA LOCAL")
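
The first log indicator above can also be checked against stored connection definitions rather than logs. The following is an added example, not code from Apache Superset or the vendor advisory. It assumes each connection is available as a name, a SQLAlchemy URI and the connection's extra JSON (driver options under engine_params.connect_args), and that local_infile and allow_local_infile are the relevant driver option names; the sample connections are constructed.

```python
import json
from urllib.parse import parse_qsl, urlsplit

# Assumed driver option names that enable client-side LOCAL INFILE:
# local_infile (mysqlclient, PyMySQL), allow_local_infile (mysql-connector).
RISKY_KEYS = {"local_infile", "allow_local_infile"}
OFF_VALUES = {"0", "false", "off", "no", "none"}


def _enabled(value):
    """Anything that is not an explicit 'off' value counts as enabled."""
    return str(value).strip().lower() not in OFF_VALUES


def audit_connection(name, sqlalchemy_uri, extra_json="{}"):
    """Return findings for one MySQL/MariaDB connection definition."""
    parts = urlsplit(sqlalchemy_uri)
    if parts.scheme.split("+", 1)[0].lower() not in ("mysql", "mariadb"):
        return []
    findings = []
    # Options passed in the URI query string, e.g. ...?local_infile=1
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in RISKY_KEYS and _enabled(value):
            findings.append(f"{name}: URI query sets {key}={value}")
    # Options passed through the connection's extra JSON.
    try:
        extra = json.loads(extra_json or "{}")
    except json.JSONDecodeError:
        return findings + [f"{name}: extra is not valid JSON, review manually"]
    engine_params = extra.get("engine_params") if isinstance(extra, dict) else None
    connect_args = (engine_params or {}).get("connect_args") or {}
    for key, value in connect_args.items():
        if key.lower() in RISKY_KEYS and _enabled(value):
            findings.append(f"{name}: connect_args sets {key}={value!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample connections (hosts and names are placeholders).
    samples = [
        ("sales", "mysql+pymysql://u:p@db.example.internal/sales?local_infile=1", "{}"),
        ("hr", "mariadb://u:p@db.example.internal/hr?local_infile=0", "{}"),
        ("ops", "mysql+mysqlconnector://u:p@db.example.internal/ops",
         '{"engine_params": {"connect_args": {"allow_local_infile": true}}}'),
    ]
    for sample in samples:
        for finding in audit_connection(*sample):
            print(finding)
```

Any finding marks a connection to review or remove; an empty result for every connection does not replace upgrading to a fixed version.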
