{question}
Is there a security issue in SingleStore’s engine pipeline transform mechanism that could allow an authenticated user with permission to create pipelines to access restricted files?
{question}
{answer}
We identified a security issue in SingleStore’s engine pipeline transform mechanism that could allow an authenticated user with permission to create pipelines to access restricted files on the underlying host file system in certain cloud deployments. Under specific conditions, these files could be referenced by a misconfigured pipeline transform, potentially exposing their contents through error messages.
This vulnerability does not allow unauthenticated access and does not bypass authentication, but it could be used for privilege escalation by an already authenticated, under-privileged user.
This behavior leverages an internal feature that was previously supported but not publicly documented, and is not part of the intended or recommended usage in current versions. As a result, it is unlikely to be exercised in typical production workloads today.
- If you are a SingleStore Helios customer, no action is required from you: per our records, this was never in use, and patching is under way;
- If you are running SingleStore in a self-managed deployment, you are unlikely to be affected; however, we strongly recommend:
  - Upgrading to a patch release that is current as of the publication date of this bulletin and ensuring you are running a supported (non-EOL) version of SingleStoreDB. In line with SingleStore’s rolling release model, this issue has been addressed in v9.0.18. Backports for earlier supported versions are in progress and are expected to be released in the coming weeks; and
  - Reviewing existing pipeline definitions to ensure that no prewritten transformations contain suspicious or unintended behavior.
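
To support the review step above, the following added example (not SingleStore's code and not part of the original bulletin) builds an inventory of pipelines that declare a transform, so each one can be inspected by hand. It assumes the pipeline DDL has been exported to text, for example with `SHOW CREATE PIPELINE`, and that transforms use the three-argument `WITH TRANSFORM ('uri', 'executable', 'arguments')` form; the sample DDL, hostnames and the `inventory_transforms` helper are constructed for illustration. It only lists transforms and does not decide whether one is affected by this issue.

```python
import re

# Constructed sample DDL, standing in for exported SHOW CREATE PIPELINE output.
SAMPLE_DDL = """
CREATE PIPELINE `orders_in` AS LOAD DATA S3 'example-bucket/orders'
  INTO TABLE `orders` FIELDS TERMINATED BY ',';

CREATE PIPELINE `clicks_in` AS LOAD DATA KAFKA 'kafka.example.internal/clicks'
  WITH TRANSFORM ('http://transforms.example.internal/clean.tar.gz', 'clean.py', '--strict')
  INTO TABLE `clicks`;

create or replace pipeline legacy_in as load data fs '/data/in/*.csv'
  with transform('http://transforms.example.internal/old.py','','')
  into table legacy;
"""

# Start of each pipeline definition; the captured group is the pipeline name.
PIPELINE_RE = re.compile(
    r"CREATE\s+(?:OR\s+REPLACE\s+)?(?:AGGREGATOR\s+)?PIPELINE\s+"
    r"(?:IF\s+NOT\s+EXISTS\s+)?`?(\w+)`?", re.IGNORECASE)
# A single-quoted SQL string, allowing backslash escapes inside it.
QUOTED = r"'((?:[^'\\]|\\.)*)'"
TRANSFORM_RE = re.compile(
    r"WITH\s+TRANSFORM\s*\(\s*" + r"\s*,\s*".join([QUOTED] * 3) + r"\s*\)",
    re.IGNORECASE)
TRANSFORM_KEYWORD_RE = re.compile(r"WITH\s+TRANSFORM", re.IGNORECASE)


def inventory_transforms(ddl):
    """Return one row per pipeline with its transform clause, if any."""
    starts = list(PIPELINE_RE.finditer(ddl))
    rows = []
    for i, match in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(ddl)
        body = ddl[match.end():end]
        row = {"pipeline": match.group(1), "transform": None, "review": False}
        clause = TRANSFORM_RE.search(body)
        if clause:
            keys = ("uri", "executable", "arguments")
            row.update(transform=dict(zip(keys, clause.groups())), review=True)
        elif TRANSFORM_KEYWORD_RE.search(body):
            # Keyword present but not in the expected form: never skip silently.
            row.update(transform="unparsed", review=True)
        rows.append(row)
    return rows


if __name__ == "__main__":
    for row in inventory_transforms(SAMPLE_DDL):
        print(row)
```

Rows with `review` set to true are the definitions to read through manually; a `transform` value of `unparsed` means the clause did not match the expected form and should be checked in the original DDL.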
{answer}