Summary
mindsdb arbitrary file write when extracting a remotely retrieved Tarball
An unsafe extraction is being performed using tarfile.extractall() from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the vulnerability is called a TarSlip or a ZipSlip variant.
Details
I commented the following snippet of code as a vulnerability details. The code is from file.py#L26..L134
@ns_conf.route('/<name>')
@ns_conf.param('name', "MindsDB's name for file")
class File(Resource):
@ns_conf.doc('put_file')
def put(self, name: str):
''' add new file
params in FormData:
- file
- original_file_name [optional]
'''
data = {}
... omitted for brevity
url = data['source']
data['file'] = data['name']
... omitted for brevity
with requests.get(url, stream=True) as r: # Source: retrieve the URL which point to a remotely located tarball
if r.status_code != 200:
return http_error(
400,
"Error getting file",
f"Got status code: {r.status_code}"
)
file_path = os.path.join(temp_dir_path, data['file'])
with open(file_path, 'wb') as f:
for chunk in r.iter_content(chunk_size=8192): # write with chunks the remote retrieved file into file_path location
f.write(chunk)
original_file_name = data.get('original_file_name')
file_path = os.path.join(temp_dir_path, data['file'])
lp = file_path.lower()
if lp.endswith(('.zip', '.tar.gz')):
if lp.endswith('.zip'):
with zipfile.ZipFile(file_path) as f:
f.extractall(temp_dir_path)
elif lp.endswith('.tar.gz'):
with tarfile.open(file_path) as f: # Just after
f.extractall(temp_dir_path) # Sink: the tarball located by file_path is supposed to be extracted to temp_dir_path.
So, a remotely available tarball is being retrieved and written to the server filesystem in chunks, and then, if the extension ends with .tar.gz of a compressed tarball, the mindsdb app applies tarfile.extractall() directly with no checks for the destination.
However, according to the following warning from the official documentation;
Warning: Never extract archives from untrusted sources without prior inspection. It is possible that files are created outside of path, e.g. members that have absolute filenames starting with "/" or filenames with two dots "..".
PoC
The following PoC is provided for illustration purposes only. It showcases the risk of extracting a non-harmless text file sim4n6.txt to one of the parent locations rather than the intended current folder.
> tar --list -v -f archive.tar.gz
tar: Removing leading "../../../" from member names
../../../sim4n6.txt
> python3
Python 3.10.6 (main, Nov 2 2022, 18:53:38) [GCC 11.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import tarfile
>>> with tarfile.open("archive.tar.gz") as tf:
>>> tf.extractall()
>>> exit()
> test -f ../../../sim4n6.txt && echo "sim4n6.txt exists"
sim4n6.txt exists
Attack Scenario
An attacker could craft a malicious tarball with a filename path, such as ../../../../../../../../etc/passwd, and then serve the archive remotely, proceed to the PUT request of the tarball through mindsdb and overwrite the system files of the hosting server for instance.
Mitigation
Potential mitigation could be to:
- Use a safer module, like
zipfile. - Use an alternative of
tarfile, such astarsafe. - Validate the location or the absolute path of the extracted files and discard those with malicious paths such as relative path
../../..or absolute path such as/etc/password. A simple wrapper could be written to raise an exception when a path traversal may be identified.
This is similar to the other report GHSA-7x45-phmr-9wqp.
Impact
Input manipulates file paths to reach files outside the intended directory, such as configuration or credential files. Typical impact: unauthorized file read or write outside the intended directory.
CVE-2023-30620 has a CVSS score of 7.5 (High). The vector is network-reachable, no privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (23.2.1.0); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Already deployed Kodem?
See it in your environmentNew to Kodem? Get a demo →Remediation advice
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
Frequently Asked Questions
- What is CVE-2023-30620? CVE-2023-30620 is a high-severity path traversal vulnerability in mindsdb (pip), affecting versions < 23.2.1.0. It is fixed in 23.2.1.0. Input manipulates file paths to reach files outside the intended directory, such as configuration or credential files.
- How severe is CVE-2023-30620? CVE-2023-30620 has a CVSS score of 7.5 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of mindsdb are affected by CVE-2023-30620? mindsdb (pip) versions < 23.2.1.0 is affected.
- Is there a fix for CVE-2023-30620? Yes. CVE-2023-30620 is fixed in 23.2.1.0. Upgrade to this version or later.
- Is CVE-2023-30620 exploitable, and should I be worried? Whether CVE-2023-30620 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether CVE-2023-30620 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2023-30620? Upgrade
mindsdbto 23.2.1.0 or later.