4.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-29195

GHSA ID

GHSA-pqj7-jx24-wj7w

EPSS Score

0.293%

CWE

CWE-20

Published

5/11/2023

Updated

11/11/2023

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-29195

CVE-2023-29195: VTAdmin users that can create shards can deny access to other functions

Impact

Users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using vtctldclient does not have the same problem because the CLI validates the input correctly.

Patches

v16.0.2, corresponding to 0.16.2 on pkg.go.dev

Workarounds

Always use vtctldclient to create shards, instead of using VTAdmin
Disable creating shards from VTAdmin using RBAC
Delete the topology record for the offending shard using the client for your topology server. For example, if you created a shard called a/b in keyspace commerce, and you are running etcd, it can be deleted by doing something like

% etcdctl --endpoints "http://${ETCD_SERVER}" del /vitess/global/keyspaces/commerce/shards/a/b/Shard

References

https://github.com/vitessio/vitess/issues/12842

Found during a security audit sponsored by the CNCF and facilitated by OSTIF.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-29195

CVE-2023-29195:

4.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-29195

GHSA ID

GHSA-pqj7-jx24-wj7w

EPSS Score

0.293%

CWE

CWE-20

Published

5/11/2023

Updated

11/11/2023

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
vitess.io/vitess	go	< 0.16.2	0.16.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper input validation when creating shards via VTAdmin. The commit diff shows the patch added a check for '/' in ValidateShardName (go/vt/topo/shard.go). Since vtctldclient properly validated inputs and VTAdmin did not, the unpatched version of ValidateShardName was the root cause. The function's failure to sanitize '/' characters directly enabled the creation of malformed shard names, leading to topology corruption.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

4.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-29195: VTAdmin users that can create shards can deny access to other functions

Impact

Patches

Workarounds

References

CVE-2023-29195:

4.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

4.1

4.1

CVE-2023-29195: VTAdmin users that can create shards can deny access to other functions

Impact

Patches

Workarounds

References

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI