Tag
high
advisory
SurrealDB HTTP /rpc Session Hijack Vulnerability
5 TTPsA critical vulnerability (versions prior to 3.1.0) in SurrealDB's HTTP /rpc endpoint allowed unauthenticated attackers to enumerate session UUIDs via the `sessions` method, enabling full session hijack of any attached and authenticated session due to a lack of ownership checks, leading to unauthorized data manipulation and privilege escalation.
SurrealDB +1
vulnerability
session-hijack
web-application
rpc
database
5t
high
advisory
SurrealDB HTTP RPC Session Race Condition Allows Privilege Escalation
1 TTPAn unauthenticated time-of-check/time-of-use (TOCTOU) race condition exists in the HTTP /rpc endpoint of SurrealDB versions prior to 3.1.0, allowing an attacker to inherit the session and privileges of an authenticated user by sending concurrent requests, potentially leading to full control over the database if a highly privileged session is hijacked.
SurrealDB
privilege-escalation
race-condition
webserver
1t