Permission Bypass in SurrealDB by SurrealDB Team
CVE-2024-58356
2.3LOW
What is CVE-2024-58356?
Versions of SurrealDB prior to 2.1.4 exhibit a vulnerability in the handling of table definitions when the DEFINE TABLE ... OVERWRITE clause is utilized on tables of TYPE RELATION. If an administrator attempts to change permissions on a table, the system may fail to apply these changes, leading to a situation where previously restricted data remains accessible to users authorized to run queries. This oversight can result in unintended data exposure, as the permissions adjustments do not take effect, thus potentially compromising the security of sensitive information.
Affected Version(s)
surrealdb 0 < 2.1.4
surrealdb 0 < 2.1.4
surrealdb 2.1.4
