CVE-2024-34693

MEDIUM

Apache Superset < 3.1.3 - Authenticated File Read via MariaDB Connection with local_infile

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-34693. PoCs published by mbadanoiu, Mr-r00t11.

AI-analyzed exploit summary The repository lacks actual exploit code and instead points to an external PDF for details, which is a common tactic for suspicious repos. It describes a vulnerability involving MariaDB connections and rogue MySQL servers but provides no technical implementation.

Description

Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table.This issue affects Apache Superset: before 3.1.3 and version 4.0.0 Users are recommended to upgrade to version 4.0.1 or 3.1.3, which fixes the issue.

Exploits (2)

nomisec SUSPICIOUS 10 stars

by mbadanoiu · poc

https://github.com/mbadanoiu/CVE-2024-34693

View Code ZIP pw:eip

The repository lacks actual exploit code and instead points to an external PDF for details, which is a common tactic for suspicious repos. It describes a vulnerability involving MariaDB connections and rogue MySQL servers but provides no technical implementation.

Classification

Suspicious 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Theoretical

Target: Apache Superset

Auth required

Prerequisites: Valid credentials for creating database connections · Bypassing authentication via known Flask secret

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1530 - Data from Cloud Storage

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by Mr-r00t11 · poc

https://github.com/Mr-r00t11/CVE-2024-34693

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2024-34693, which leverages a rogue MySQL server and malicious MariaDB connection to exfiltrate arbitrary files from Apache Superset via LOAD DATA LOCAL INFILE attacks.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Apache Superset

Auth required

Prerequisites: Python 3.x · Bettercap · Docker and Docker Compose · ability to create arbitrary database connections in Apache Superset

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Mailing List

http://www.openwall.com/lists/oss-security/2024/06/20/1

Mailing List vendor-advisory

https://lists.apache.org/thread/1803x1s34m7r71h1k0q1njol8k6fmyon

Scores

CVSS v3 6.8

EPSS 0.1262

EPSS Percentile 94.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (2)

apache/superset < 3.1.3

pypi/apache-superset 0 - 3.1.3PyPI

Published Jun 20, 2024

Tracked Since Feb 18, 2026