security: Authentication bypass for internal RPCs #30821

Closed
bdarnell opened this issue Oct 1, 2018 · 0 comments
Labels
C-security-disclosure Represents a Cockroach Labs initiated security disclosure. C-technical-advisory Caused a technical advisory

bdarnell commented Oct 1, 2018

Versions Affected: v1.0 - v2.0.5
Corrected in Versions: v1.1.9, v2.0.6, v2.1-beta.20181001

Overview

On 9/23, an internal review uncovered a security vulnerability within CockroachDB’s GRPC layer. This vulnerability was prioritized for a fix and repaired in v1.1.9, v2.0.6 and v2.1-beta.20181001 on 10/1.

Problem Statement

Some of CockroachDB’s internal GRPC interfaces for inter-node communication did not implement certificate validation correctly and could permit an unauthorized user to access the cluster.

Risk Assessment

This vulnerability requires network access to the CockroachDB serving port. Clusters behind a firewall are only vulnerable to users with access to the network behind the firewall. Exploiting this vulnerability would allow unauthenticated users to both read and write to the cluster.

Corrective Action

A fix for this issue is included in releases 1.1.9, 2.0.6, and 2.1-beta.20181001 (and all later releases). All servers should be upgraded to one of these versions as soon as possible.
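The advisory does not say which check the affected gRPC endpoints got wrong, so what follows is a generic illustration and not CockroachDB's code: a Go example added for this page that shows the failure mode of a mutual-TLS listener which requests a client certificate but still completes the handshake for a peer that presents none, next to the configuration that makes crypto/tls refuse that peer. Everything specific in it is an assumption of the example: the function names (`WeakServerConfig`, `HardenedServerConfig`, `ServerAcceptsAnonymousClient`), the constructed in-memory self-signed certificate that stands in for a node CA, and the loopback port. Plain crypto/tls is used instead of gRPC so the program runs offline; grpc-go's `credentials.NewTLS` accepts the same `*tls.Config`, so the two server configurations carry over unchanged.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newSelfSignedCert builds an in-memory self-signed certificate for 127.0.0.1
// (constructed for this example) plus a pool trusting it, standing in for a node CA.
func newSelfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example-node"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		IPAddresses:  []net.IP{net.IPv4(127, 0, 0, 1)},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// WeakServerConfig asks for a client certificate but completes the handshake when
// none is presented; unless every handler then checks the peer itself, anyone who
// can reach the port gets a session.
func WeakServerConfig(cert tls.Certificate, cas *x509.CertPool) *tls.Config {
	return &tls.Config{Certificates: []tls.Certificate{cert}, ClientCAs: cas,
		ClientAuth: tls.RequestClientCert}
}

// HardenedServerConfig makes crypto/tls itself abort the handshake unless the
// client presents a certificate that chains to the trusted pool.
func HardenedServerConfig(cert tls.Certificate, cas *x509.CertPool) *tls.Config {
	return &tls.Config{Certificates: []tls.Certificate{cert}, ClientCAs: cas,
		ClientAuth: tls.RequireAndVerifyClientCert, MinVersion: tls.VersionTLS12}
}

// ServerAcceptsAnonymousClient serves one connection with cfg on a loopback port,
// connects with a client that presents no certificate, and reports whether the
// server side of the handshake completed. The error covers only setup failures.
func ServerAcceptsAnonymousClient(cfg *tls.Config) (bool, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, err
	}
	defer ln.Close()
	result := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			result <- err
			return
		}
		defer raw.Close()
		result <- tls.Server(raw, cfg).Handshake()
	}()
	// Probe client: no Certificates, and server verification skipped on purpose,
	// because only the server's decision is being measured.
	cli, dialErr := tls.Dial("tcp", ln.Addr().String(), &tls.Config{InsecureSkipVerify: true})
	if dialErr == nil {
		defer cli.Close()
	}
	select {
	case srvErr := <-result:
		return srvErr == nil, nil
	case <-time.After(5 * time.Second):
		return false, fmt.Errorf("server handshake did not finish")
	}
}

func main() {
	cert, cas, err := newSelfSignedCert()
	if err != nil {
		panic(err)
	}
	weak, _ := ServerAcceptsAnonymousClient(WeakServerConfig(cert, cas))
	hard, _ := ServerAcceptsAnonymousClient(HardenedServerConfig(cert, cas))
	fmt.Printf("anonymous peer accepted: weak=%v hardened=%v\n", weak, hard) // weak=true hardened=false
}
```

Running it prints `weak=true hardened=false`. The same probe against a real serving port, a certless `tls.Dial` from a host on the cluster's network, is a quick way to check whether a port is exposed in the way the risk assessment describes: a completed handshake on an endpoint that is meant to be node-to-node only is the finding. The design point is to put the requirement in the TLS layer (`RequireAndVerifyClientCert` together with `ClientCAs`) rather than rely on each RPC handler to inspect `ConnectionState().PeerCertificates`, since one handler that forgets is enough to open the cluster.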
