Patched in: 0.91.7+
CVE-2022-2063 describes an improper privilege management vulnerability discovered in NocoDB, a self-hosted Airtable alternative. The flaw lets an authenticated user act beyond the permissions assigned to them, potentially reading or modifying data they should not be able to reach. It affects NocoDB releases prior to 0.91.7; the fix shipped in version 0.91.7, so 0.91.7 and later are not affected.
The improper privilege management flaw allows an attacker to bypass NocoDB's access controls and perform actions they are not authorized for. This could include reading, modifying, or deleting data stored in the NocoDB instance. Depending on what is stored, that amounts to a data breach and a loss of integrity for the application, and the impact grows with the sensitivity of the business or user data that NocoDB manages. Because the flaw is in privilege management rather than in a single endpoint, a successful attacker may also be able to take over other accounts within the application.
CVE-2022-2063 was publicly disclosed on June 13, 2022. No active exploitation campaign has been confirmed, but the CRITICAL severity rating and the low effort an authenticated attacker would need make future attacks plausible. No public Proof of Concept (PoC) is known at the time of writing. The CVE is not listed in the CISA KEV catalog.
Organizations that use NocoDB to manage sensitive data are at the greatest risk, particularly where compensating controls are weak or the deployment has not been kept current. Multi-tenant deployments, where several users or teams share one NocoDB instance, deserve special attention: the compromise of a single low-privilege account could expose data belonging to the other tenants.
• nodejs / server: Monitor NocoDB logs for unusual access patterns, in particular repeated denied requests or attempts to reach resources outside a user's assigned role. Use lsof or ss to confirm which process is bound to the NocoDB port and whether anything unexpected is connected to it:
lsof -i :3000   # assuming NocoDB listens on port 3000
ss -tnp sport = :3000
• generic web: Check the access logs (of NocoDB itself or of the reverse proxy in front of it) for requests from unusual IP addresses or user agents, and for accounts that suddenly touch projects or tables they never used before. A quick header request confirms that the instance is reachable and what it advertises; it does not by itself reveal exploitation:
curl -I <nocodb_url>
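The log review described above, as an added example that is not part of the original page or of NocoDB's own code. It assumes NocoDB sits behind a reverse proxy that writes nginx/Apache "combined" access log lines (adjust the regular expression for any other format), groups requests by client and authenticated user, and reports clients that accumulate several authorization denials or that arrive from an address range or user agent not on a known list. The log lines, IP addresses, user names and API paths are constructed for the example.

```javascript
// Added example (not NocoDB or advisory code): triage an access log for the
// two signals suggested in the text, repeated 401/403 denials per client and
// unfamiliar client IPs or user agents. Assumes "combined" log format.

// ip ident user [time] "METHOD path PROTO" status size "referer" "user-agent"
const LOG_LINE = /^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$/;

function parseLine(line) {
  const m = LOG_LINE.exec(line);
  if (!m) return null;
  return { ip: m[1], user: m[2], time: m[3], method: m[4], path: m[5], status: Number(m[6]), ua: m[7] };
}

// Constructed sample lines; the addresses are documentation ranges, the paths
// are illustrative and the users are fictional.
const SAMPLE_LOG = [
  '203.0.113.7 - alice [13/Jun/2022:10:00:01 +0000] "GET /api/v1/db/data/noco/p1/t1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '203.0.113.7 - alice [13/Jun/2022:10:00:02 +0000] "PATCH /api/v1/db/data/noco/p1/t1/42 HTTP/1.1" 403 48 "-" "Mozilla/5.0"',
  '203.0.113.7 - alice [13/Jun/2022:10:00:03 +0000] "DELETE /api/v1/db/data/noco/p1/t1/42 HTTP/1.1" 403 48 "-" "Mozilla/5.0"',
  '203.0.113.7 - alice [13/Jun/2022:10:00:04 +0000] "GET /api/v1/db/meta/projects/p1/users HTTP/1.1" 403 48 "-" "Mozilla/5.0"',
  '203.0.113.8 - carol [13/Jun/2022:10:00:05 +0000] "GET /api/v1/db/data/noco/p1/t2 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
  '198.51.100.9 - bob [13/Jun/2022:10:00:06 +0000] "GET /api/v1/db/meta/projects/p1/users HTTP/1.1" 200 640 "-" "python-requests/2.28.0"',
].join('\n');

// Returns a list of findings. knownNets are dotted-quad string prefixes
// (a crude stand-in for real CIDR matching) and knownAgents are user-agent
// prefixes; an empty list disables that check.
function triage(logText, { deniedThreshold = 3, knownNets = [], knownAgents = [] } = {}) {
  const perClient = new Map();
  const unfamiliarSeen = new Set();
  const findings = [];

  for (const raw of logText.split('\n')) {
    const line = raw.trim();
    if (!line) continue;
    const e = parseLine(line);
    if (!e) { findings.push({ kind: 'unparsed', line }); continue; }

    // Per (ip, user) counters of total and denied requests.
    const key = `${e.ip} ${e.user}`;
    const s = perClient.get(key) || { ip: e.ip, user: e.user, total: 0, denied: 0, deniedPaths: new Set() };
    s.total += 1;
    if (e.status === 401 || e.status === 403) {
      s.denied += 1;
      s.deniedPaths.add(`${e.method} ${e.path}`);
    }
    perClient.set(key, s);

    // Unfamiliar client: reported once per (ip, user-agent) pair.
    const reasons = [];
    if (knownNets.length && !knownNets.some(p => e.ip.startsWith(p))) reasons.push('ip');
    if (knownAgents.length && !knownAgents.some(p => e.ua.startsWith(p))) reasons.push('agent');
    const clientKey = `${e.ip}|${e.ua}`;
    if (reasons.length && !unfamiliarSeen.has(clientKey)) {
      unfamiliarSeen.add(clientKey);
      findings.push({ kind: 'unfamiliar-client', ip: e.ip, user: e.user, ua: e.ua, reasons });
    }
  }

  for (const s of perClient.values()) {
    if (s.denied >= deniedThreshold) {
      findings.push({ kind: 'repeated-denials', ip: s.ip, user: s.user, denied: s.denied, total: s.total, paths: [...s.deniedPaths] });
    }
  }
  return findings;
}

if (typeof process !== 'undefined' && process.argv.includes('--demo')) {
  console.log(JSON.stringify(triage(SAMPLE_LOG, { knownNets: ['203.0.113.'], knownAgents: ['Mozilla/'] }), null, 2));
}
```

Run with `node triage.js --demo` to see the findings for the constructed sample, or feed your own log text to `triage()`. A burst of 403s from one account against tables or project-member endpoints it has never used is exactly the pattern an authorization-bypass attempt produces while the attacker probes what the flaw lets them reach; treat such findings as a prompt to check that account's activity, not as proof of compromise.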
Exploitation status
EPSS
1.07% (78th percentile)
CVSS vector
The primary mitigation for CVE-2022-2063 is to upgrade NocoDB to version 0.91.7 or later, which fixes the improper privilege management issue. If an upgrade is not immediately feasible, reduce the blast radius inside NocoDB: review every user's role and project membership, remove access that is not strictly required, and keep sensitive projects on separate instances where possible. Keep monitoring NocoDB logs for activity that could indicate an exploitation attempt until the upgrade is done.
Update NocoDB to version 0.91.7 or later; this release fixes the improper privilege management vulnerability. The update can be performed through the package manager used to install NocoDB (for example npm or yarn).
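A small version check for the affected range, as an added example (not code from NocoDB or from the advisory). It encodes the boundary stated on this page, anything older than 0.91.7 is affected, compares release fields numerically so that 0.91.10 is recognised as newer than 0.91.7, and optionally reads the installed version from `node_modules/nocodb/package.json`, which assumes a local npm or yarn install; the file path and the `--installed` flag are this example's own conventions.

```javascript
// Added example (not NocoDB or advisory code): is an installed NocoDB release
// inside the range affected by CVE-2022-2063 (older than the 0.91.7 fix)?

const PATCHED_VERSION = '0.91.7';

// Split "vMAJOR.MINOR.PATCH[-prerelease][+build]" into numeric fields plus an
// optional pre-release tag. Build metadata is ignored, as semver specifies.
function parseVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(version).trim());
  if (!m) throw new Error(`unrecognised version string: ${version}`);
  return { fields: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Comparator returning -1, 0 or 1. Fields compare as integers, never as
// strings. A pre-release (0.91.7-beta.1) sorts before its final release
// (0.91.7); two pre-release tags are compared as plain strings, which is a
// simplification of the full semver rule and good enough for this check.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.fields[i] !== pb.fields[i]) return pa.fields[i] < pb.fields[i] ? -1 : 1;
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : 1;
}

function isVulnerableToCve20222063(installedVersion) {
  return compareVersions(installedVersion, PATCHED_VERSION) < 0;
}

// Read the installed version from nocodb's own package.json. The default
// directory assumes an npm/yarn install into ./node_modules (an assumption of
// this example; for the Docker image, query the version inside the container).
function installedNocodbVersion(nodeModulesDir = 'node_modules') {
  const fs = require('fs');
  const path = require('path');
  const pkgPath = path.join(nodeModulesDir, 'nocodb', 'package.json');
  return JSON.parse(fs.readFileSync(pkgPath, 'utf8')).version;
}

// Script mode: `node check.js 0.91.6` or `node check.js --installed`.
// Exit code 1 = vulnerable, 2 = version could not be determined, 0 = patched.
if (typeof process !== 'undefined' && process.argv.length > 2) {
  try {
    const arg = process.argv[2];
    const v = arg === '--installed' ? installedNocodbVersion() : arg;
    const vulnerable = isVulnerableToCve20222063(v);
    console.log(`nocodb ${v}: ${vulnerable ? 'VULNERABLE to CVE-2022-2063, upgrade to 0.91.7 or later' : 'patched'}`);
    process.exitCode = vulnerable ? 1 : 0;
  } catch (err) {
    console.error(`could not determine NocoDB version: ${err.message}`);
    process.exitCode = 2;
  }
}
```

The numeric comparison matters: a naive string comparison would rank "0.91.10" below "0.91.7" and report a patched instance as vulnerable. The script also fails closed on unparseable input (exit code 2) rather than guessing.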
CVE-2022-2063 is a critical vulnerability in NocoDB versions prior to 0.91.7 that allows unauthorized access and data modification due to improper privilege management.
Yes, if you are running a NocoDB version earlier than 0.91.7 you are affected by this vulnerability and should upgrade immediately.
Upgrade NocoDB to version 0.91.7 or later to patch the vulnerability. Review user permissions and implement stricter access controls if upgrading is not immediately possible.
No active exploitation campaign has been confirmed, but the CRITICAL severity rating means attacks are plausible, so the upgrade should not be deferred.
Refer to the NocoDB security advisory on their GitHub repository: https://github.com/nocodb/nocodb/security/advisories/GHSA-949x-695x-747x