Authentication Bypass Vulnerability in SurrealDB by SurrealDB
CVE-2024-58363
5.3MEDIUM
What is CVE-2024-58363?
SurrealDB versions prior to 1.5.4 are susceptible to an authentication bypass that occurs when a user switches databases using the USE clause or the use method. This vulnerability allows authenticated attackers to impersonate another user in a different database if there exists a user record with the same identifier. As a result, unauthorized actions can be executed, particularly if access control is solely dependent on the $auth parameter.
Affected Version(s)
surrealdb 0 < 1.5.4
surrealdb 0 < 2.0.0-alpha.6
surrealdb 0 < 1.5.1
