Horizon Alert
Summary of the vulnerability and why it matters
This advisory concerns a critical vulnerability in the Budibase low-code platform, affecting publicly accessible applications. The flaw allows unauthenticated visitors to potentially read and modify all data within connected databases or collections. This could lead to significant data compromise and unauthorized alterations, as the platform's security controls are bypassed in this specific scenario.
- Public apps can expose all their data.
- Leadership should remember data access is the concern.
- Confirm if any published apps are affected.
Attack Path
How an attacker could exploit the issue
An unauthenticated visitor to a published Budibase application can interact with its query endpoint. By crafting a specific HTTP request containing malicious input, an attacker can manipulate the way parameters are processed and inserted into database queries. This manipulation allows an attacker to bypass intended access controls and potentially read or modify sensitive data within connected databases like MongoDB.
- Unauthenticated access to published app.
- Malformed HTTP request to query API.
- Read and modify database records.
Live Threat
Current exploitation, exposure, and threat context
An unauthenticated visitor to a published Budibase application could read or modify all documents within connected data collections, such as MongoDB, CouchDB, Elasticsearch, or DynamoDB, when public write queries are enabled. This occurs because the platform may not properly sanitize user input for raw query bodies, allowing specially crafted requests to bypass intended filters and execute unintended operations.
- Sensitive data in connected databases.
- Unsanitized input sent to data queries.
- Unauthorized data modification or exposure.
Operational Fix
Recommended remediation, mitigation, and detection steps
Application owners, platform teams, and infrastructure teams are likely responsible for addressing this vulnerability in Budibase. The first practical step is to identify all deployed instances of Budibase, determine which published applications are exposed to the internet, and confirm if they are business-critical. This will allow for accurate risk assessment and prioritization of remediation efforts, potentially involving coordination with the Budibase vendor or applying the fix during scheduled maintenance.
- Application owners and platform teams.
- Verify public app query endpoint exposure.
- Plan vendor coordination or upgrade.