CVE-2020-8429

Name of the Vulnerable Software and Affected Versions Kinetica version 7.0.9.2.20191118151947

Description The issue concerns the Admin web application, where the getLogs function does not properly sanitise input. This could allow an authenticated attacker to run remote code on the underlying operating system by exploiting the logFile parameter. The parameter is used in a command to read log files, but poor input sanitisation makes it possible to bypass a replacement and break out of the command.

Recommendations For Kinetica version 7.0.9.2.20191118151947, consider disabling the getLogs function until a patch is available to prevent potential remote code execution. Restrict access to the logFile parameter in the getLogs function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.