Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitization or parameterization. As a result, attackers can inject arbitrary SQL expressions into the database query.
The vulnerability results from directly concatenating user input data — passed through the GET request parameter — with the content of the SQL query, without applying proper sanitization or query parameterization. An attacker can craft a malicious GET parameter value that will be interpreted by the database engine as part of the SQL query. As a result, arbitrary modification of the query logic executed by the application is possible.
An attacker can gain unauthorized access to data stored in the database, modify or delete data, and depending on the database configuration — potentially take control of the database server or cause it to become unavailable.
Kestra must be updated to a version newer than 1.3.3. Detailed information about available patches can be found in the official security advisory from the vendor at: https://github.com/kestra-io/kestra/security/advisories/GHSA-365w-2m69-mp9x
Kestra in version 1.3.3 and all earlier versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HKestra
APPKestra< 1.0.351.1.0 – 1.3.7 (bez)
Related vulnerabilities
Kestra: Pominięcie uwierzytelnienia REST API prowadzące do RCE jako root
Kestra: Auth Bypass umożliwiający nieuwierzytelniony RCE jako root
SQL Injection prowadzący do RCE w platformie Kestra (endpoint wyszukiwania flows)
Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in t...
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API ...