Summary: MindsDB has addressed a critical security vulnerability (CVE-2024-24759) that allowed attackers to bypass Server-Side Request Forgery (SSRF) protections through DNS rebinding, potentially leading to unauthorized access and service disruptions. Users are urged to upgrade to the latest version to mitigate risks associated with this exploit.
Threat Actor: Unknown | unknown
Victim: MindsDB | MindsDB
Key Point :
- The vulnerability allows attackers to bypass SSRF protection, enabling access to sensitive data and execution of arbitrary code.
- DNS rebinding is used to redirect traffic from a public IP to a private IP, compromising internal systems.
- A proof-of-concept exploit code has been published, highlighting the urgency for users to patch their systems.
- All versions prior to v23.12.4.2 are vulnerable; users should upgrade to v23.12.4.3 to ensure security.
MindsDB, the widely-used open-source platform for building AI applications, has patched a severe security vulnerability that could allow attackers to bypass security measures and launch a variety of attacks. The vulnerability, tracked as CVE-2024-24759 with a CVSS score of 9.3 (critical), involves a bypass of Server-Side Request Forgery (SSRF) protection using DNS rebinding, a technique that manipulates domain name resolution.
The flaw allows attackers to bypass SSRF protection, a crucial security measure that prevents malicious requests from being sent from a server on behalf of a user. This bypass could potentially enable attackers to access sensitive data, execute arbitrary code, or even launch denial-of-service attacks.
DNS rebinding is a sophisticated attack technique where the initial DNS query resolves to a public IP address, while subsequent queries are redirected to a private IP address. For example, a domain like make-190.119.176.200-rebind-127.0.0.1-rr.1u.ms could first resolve to 190.119.176.200 (a public address) and then to 127.0.0.1 (a private address) in subsequent DNS lookups. This manipulation allows attackers to direct traffic to internal systems, bypassing protections meant to prevent unauthorized access.
In the case of CVE-2024-24759, the SSRF protection within MindsDB can be bypassed due to this rebinding technique. When the vulnerable is_private_url()
function issues a DNS query, the first request resolves to a public IP address, but thanks to DNS rebinding, the next GET request can access internal resources, exposing sensitive data or leading to potential service disruption.
Security researcher Sim4n6, who discovered the vulnerability, has also published a proof-of-concept exploit code, further emphasizing the urgency of patching the vulnerability. The exploit demonstrates how attackers can leverage DNS rebinding to circumvent MindsDB’s SSRF protection.
All versions of MindsDB prior to v23.12.4.2 are vulnerable to this exploit. The MindsDB development team has since released a patch in v23.12.4.3, which addresses the vulnerability by implementing stronger DNS validation measures to prevent rebinding attacks. Users are strongly advised to upgrade to this patched version immediately to protect their systems from exploitation.