Bug 2127870 - redis: lack of sanitization of user-supplied inputs when constructing cypher queries in acm
Keywords:
Status: CLOSED DUPLICATE of bug 2101669
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2127433
Reported: 2022-09-19 09:45 UTC by Borja Tarraso
Modified: 2022-10-31 13:51 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2022-10-31 13:51:11 UTC
Embargoed:



Description Borja Tarraso 2022-09-19 09:45:20 UTC
Improper or lack of sanitization of user-supplied inputs when constructing Cypher queries or Cypher fragments for the graph databases can allow an attacker to subvert the original query.

These attacks are made possible by incomplete or missing escaping of characters when constructing the Cypher query. Only Search collectors (using their configured system account identity) can trigger the injections on the aggregator via the HTTP POST message to the Hub's API endpoint. The aggregator component is deployed on the Hub but collectors are present on managed clusters (under the "search addon" designation).

Cypher requests are emitted using the GRAPH.QUERY Redis command. This command allows for writing. Writing is superfluous for the search API and, due to the structure of Cypher requests, any injections can be made to insert or alter any nodes and properties.
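
Added example, not part of the original report and not ACM's code: a Go sketch of the two points above, incomplete versus complete escaping of a value placed in a Cypher string literal, and a search query sent with RedisGraph's read-only GRAPH.RO_QUERY command and a CYPHER parameter header instead of GRAPH.QUERY. The graph name, the "name" property, the helper names and the input values are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// quoteIncomplete escapes quotes only: the "incomplete escaping" case.
func quoteIncomplete(v string) string {
	return "'" + strings.ReplaceAll(v, "'", `\'`) + "'"
}

// quoteCypher escapes backslashes first, then quotes.
func quoteCypher(v string) string {
	v = strings.ReplaceAll(v, `\`, `\\`)
	return "'" + strings.ReplaceAll(v, "'", `\'`) + "'"
}

// literalEnd returns the index just past the closing quote of the literal at lit[0], or -1.
func literalEnd(lit string) int {
	if len(lit) == 0 || lit[0] != '\'' {
		return -1
	}
	for i := 1; i < len(lit); i++ {
		switch lit[i] {
		case '\\':
			i++ // the next character is escaped
		case '\'':
			return i + 1
		}
	}
	return -1
}

// contained reports whether the quoted value is exactly one literal, so nothing leaks into query text.
func contained(quoted string) bool { return literalEnd(quoted) == len(quoted) }

// readOnlyCommand binds the value as $name and uses the read-only command (hypothetical graph/property names).
func readOnlyCommand(graph, name string) []string {
	q := "CYPHER name=" + quoteCypher(name) + " MATCH (n {name: $name}) RETURN n"
	return []string{"GRAPH.RO_QUERY", graph, q}
}

func main() {
	for _, v := range []string{"web-1", "it's", `a\`, `a\' b`} { // constructed inputs
		fmt.Printf("%-8q incomplete=%v complete=%v\n", v, contained(quoteIncomplete(v)), contained(quoteCypher(v)))
	}
	fmt.Println(readOnlyCommand("example-graph", "it's"))
}
```

With quote-only escaping, a trailing backslash swallows the closing quote and a backslash-quote pair ends the literal early; escaping backslashes first keeps every value inside one literal.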

Comment 1 Borja Tarraso 2022-10-31 13:51:11 UTC

*** This bug has been marked as a duplicate of bug 2101669 ***

