Facebook · Osquery · CVE-2020-26273
**Name of the Vulnerable Software and Affected Versions**
osquery versions prior to 4.6.0
**Description**
The issue allows someone with administrative access to osquery to cause reads and writes to arbitrary SQLite databases on disk by using SQLite's `ATTACH` verb. This can lead to the creation of arbitrary files, although those files will be SQLite databases; it does not appear to allow existing non-SQLite files to be overwritten. There are several mitigating factors and possible workarounds, such as running osquery as a non-root user or using a central management tool to filter queries for the `ATTACH` keyword.
**Recommendations**
For osquery versions prior to 4.6.0, update to version 4.6.0 or later to resolve the issue.
As a temporary workaround, consider running osquery as a non-root user so that any database the process can attach is limited to files that user can read or write.
Where queries are distributed from a central management tool, filter them for the `ATTACH` keyword to minimize the risk of exploitation.
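As an added example of the second workaround (this is not osquery project code and the configuration below is constructed, not taken from the advisory), the following Python scans an osquery configuration for scheduled and inline-pack queries that use `ATTACH` as a bare SQL keyword. It strips string literals and comments first so that a column or value merely containing the word "attach" is not flagged, and it reports packs referenced by file path so a reviewer knows those were not inspected. The config keys `schedule`, `packs`, `queries` and `query` are the ones osquery uses; everything else (function names, sample paths) is illustrative.

```python
import json
import re
from typing import Iterator, List, Tuple

# Constructed sample osquery configuration (not taken from the advisory):
# a schedule plus one inline pack; two of the four queries use ATTACH.
SAMPLE_CONFIG = json.dumps({
    "schedule": {
        "processes_snapshot": {
            "query": "SELECT pid, name, path FROM processes;",
            "interval": 600,
        },
        "attach_probe": {
            "query": "ATTACH DATABASE '/tmp/example.db' AS ext; SELECT 1;",
            "interval": 60,
        },
    },
    "packs": {
        "custom": {
            "queries": {
                "lowercase_attach": {
                    "query": "select 1; attach '/tmp/x.db' as x;",
                    "interval": 30,
                },
                "literal_only": {
                    "query": "SELECT name FROM users WHERE name LIKE '%attach%'; -- attach",
                    "interval": 30,
                },
            }
        },
        # Packs may also be a path to another file (hypothetical path).
        "external_pack": "/etc/osquery/packs/external.conf",
    },
})

# String literals and comments are blanked out before the keyword check, so
# the word 'attach' inside a quoted value or a comment does not produce a hit.
_LITERAL_OR_COMMENT_RE = re.compile(
    r"'(?:[^']|'')*'"        # single-quoted SQL string literal ('' escapes a quote)
    r'|"(?:[^"]|"")*"'       # double-quoted identifier or literal
    r"|--[^\n]*"             # line comment
    r"|/\*.*?\*/",           # block comment
    re.DOTALL,
)
_ATTACH_KEYWORD_RE = re.compile(r"\battach\b", re.IGNORECASE)


def uses_attach(sql: str) -> bool:
    """Return True when the statement contains ATTACH as a bare SQL keyword."""
    stripped = _LITERAL_OR_COMMENT_RE.sub(" ", sql)
    return _ATTACH_KEYWORD_RE.search(stripped) is not None


def _iter_queries(config: dict) -> Iterator[Tuple[str, str]]:
    """Yield (location, sql) for every query in the schedule and inline packs."""
    for name, entry in config.get("schedule", {}).items():
        if isinstance(entry, dict) and "query" in entry:
            yield f"schedule/{name}", entry["query"]
    for pack_name, pack in config.get("packs", {}).items():
        # Only inline packs are inspected here; path-form packs are skipped
        # and reported separately by external_packs() so they can be followed.
        if not isinstance(pack, dict):
            continue
        for name, entry in pack.get("queries", {}).items():
            if isinstance(entry, dict) and "query" in entry:
                yield f"packs/{pack_name}/{name}", entry["query"]


def find_attach_queries(config_json: str) -> List[str]:
    """Return the locations of all configured queries that use ATTACH."""
    config = json.loads(config_json)
    return [loc for loc, sql in _iter_queries(config) if uses_attach(sql)]


def external_packs(config_json: str) -> List[str]:
    """Return pack entries that point at external files and still need review."""
    config = json.loads(config_json)
    return [p for p in config.get("packs", {}).values() if isinstance(p, str)]


if __name__ == "__main__":
    for location in find_attach_queries(SAMPLE_CONFIG):
        print(f"ATTACH found in {location}")
    for path in external_packs(SAMPLE_CONFIG):
        print(f"external pack not inspected: {path}")
```

Running this on the sample reports `schedule/attach_probe` and `packs/custom/lowercase_attach` and lists the external pack path for manual follow-up. Such a filter only covers queries that pass through the configuration or management path it is applied to; it is a stop-gap that narrows exposure on unpatched hosts, and updating to 4.6.0 or later remains the actual fix.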