CVE-2024-6586

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-6586
CWE	https://cwe.mitre.org/data/definitions/201.html

Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A dashboard that contains HTML elements which point to a threat actor controlled source can trigger an SSRF request when exported, via a POST request to /api/v1/dashboards//export. The forged request contains the value of the exporting user’s session token. A threat actor could obtain the session token of any user who exports the dashboard. The obtained session token can be used to perform actions as the victim on the application, resulting in session takeover.

Weakness

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Potential Mitigations

Compartmentalize the system to have “safe” areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.

Insertion of Sensitive Information Into Sent Data

Weakness

Potential Mitigations

References

CVE-2024-6586

Insertion of Sensitive Information Into Sent Data

Weakness

Potential Mitigations

Related Attack Patterns

References