
Exploit for CrateDB Database - Arbitrary File Read (CVE-2024-24565)

Description:

CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real time. Its COPY FROM function imports file data into database tables. A flaw in this function lets authenticated attackers use COPY FROM to import the contents of arbitrary files into database tables, resulting in information leakage.

Nuclei Template

View the template here: CVE-2024-24565.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-24565.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-24565