PT-2023-28148 · Unknown · Flyteadmin

Sanjana-Sarda · Published 2023-10-27 · Updated 2023-11-07 · CVE-2023-41891

CVSS v3.1: 3.5 (Low)
Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: FlyteAdmin versions prior to 1.1.124

Description: The issue is a SQL injection vulnerability in the list endpoints of FlyteAdmin. A malicious user can send a REST request whose list filters contain custom SQL statements, which are passed through to the database query. Exploitation requires access to the FlyteAdmin installation, which is typically deployed behind a VPN or authentication.

Recommendations: For versions prior to 1.1.124, update to version 1.1.124 or later to resolve the issue. As a temporary workaround, restrict access to the list endpoints of FlyteAdmin to minimize the risk of exploitation, and keep the FlyteAdmin installation reachable only behind a VPN or with proper authentication.
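The root cause described above is list filters that reach the database as raw SQL. The defensive pattern is to parse the filter expression into a fixed grammar, map field and operator names through allowlists, and bind every user-supplied value as a query parameter so it can never become SQL text. The following Go block is an added illustration of that pattern, not FlyteAdmin's own code or its fix; the filter syntax `op(field,value)` joined by `+`, the field names and the operator set are assumptions made for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// termRe accepts one filter term of the assumed form op(field,value).
// Operator and field are restricted to identifier characters; the value may
// not contain parentheses. Nothing matched here is ever copied into SQL text
// except through the allowlists below.
var termRe = regexp.MustCompile(`^([a-z_]+)\(([A-Za-z_.]+),([^()]*)\)$`)

// allowedFields maps client-facing filter field names to fixed column names.
// The column name comes from this table, never from the request (assumed set).
var allowedFields = map[string]string{
	"name":    "name",
	"project": "project",
	"domain":  "domain",
	"phase":   "phase",
}

// Clause is a WHERE fragment with positional placeholders and its bound arguments.
type Clause struct {
	SQL  string
	Args []any
}

// escapeLike neutralises LIKE wildcards in a user value; the query uses ESCAPE '\'.
func escapeLike(v string) string {
	r := strings.NewReplacer(`\`, `\\`, `%`, `\%`, `_`, `\_`)
	return r.Replace(v)
}

// BuildWhere turns a filter string such as
// "eq(name,wf1)+value_in(phase,RUNNING;SUCCEEDED)" into a parameterised clause.
// Unknown operators, unknown fields and malformed terms are rejected outright.
func BuildWhere(filters string) (Clause, error) {
	if strings.TrimSpace(filters) == "" {
		return Clause{}, nil
	}
	var parts []string
	var args []any
	for _, term := range strings.Split(filters, "+") {
		m := termRe.FindStringSubmatch(term)
		if m == nil {
			return Clause{}, fmt.Errorf("malformed filter term %q", term)
		}
		op, field, value := m[1], m[2], m[3]
		col, ok := allowedFields[field]
		if !ok {
			return Clause{}, fmt.Errorf("unknown filter field %q", field)
		}
		switch op {
		case "eq":
			parts = append(parts, col+" = ?")
			args = append(args, value)
		case "ne":
			parts = append(parts, col+" <> ?")
			args = append(args, value)
		case "contains":
			parts = append(parts, col+` LIKE ? ESCAPE '\'`)
			args = append(args, "%"+escapeLike(value)+"%")
		case "value_in":
			// One placeholder per value; the values themselves stay bound.
			vals := strings.Split(value, ";")
			ph := strings.TrimSuffix(strings.Repeat("?,", len(vals)), ",")
			parts = append(parts, fmt.Sprintf("%s IN (%s)", col, ph))
			for _, v := range vals {
				args = append(args, v)
			}
		default:
			return Clause{}, fmt.Errorf("unknown filter operator %q", op)
		}
	}
	return Clause{SQL: strings.Join(parts, " AND "), Args: args}, nil
}

func main() {
	// Constructed sample input, including a value that looks like SQL.
	for _, f := range []string{
		"eq(name,wf1)+value_in(phase,RUNNING;SUCCEEDED)",
		"eq(name,x' OR 1=1 --)",
		"eq(password_hash,x)",
	} {
		c, err := BuildWhere(f)
		fmt.Printf("%-48s -> sql=%q args=%v err=%v\n", f, c.SQL, c.Args, err)
	}
}
```

The important property is visible in the output: a value containing SQL syntax ends up in `Args`, never in `SQL`, and any field or operator outside the allowlist is refused before a query is built. The resulting clause is meant to be handed to the database driver together with its arguments (`db.Query("SELECT ... WHERE "+c.SQL, c.Args...)`), which is what keeps the filter data and the SQL text separate.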

Exploit

Fix

Weakness Enumeration

SQL injection

Related Identifiers

CVE-2023-41891
GHSA-R847-6W6H-R8G4
GO-2023-2162

Affected Products

Flyteadmin