Horizon Alert
Summary of the vulnerability and why it matters
A security vulnerability in the Budibase low-code platform allows an authenticated user to access and exfiltrate arbitrary files on the server. This issue stems from how the platform processes uploaded zip files, specifically its handling of symbolic links during file extraction and processing, potentially exposing sensitive data.
- Attackers can read any file the server can access.
- It impacts a core function of a widely used low-code tool.
- Confirming if Budibase is used is the primary executive action.
Attack Path
How an attacker could exploit the issue
An attacker with builder privileges could exploit this vulnerability by uploading a specially crafted ZIP file. This file contains a symbolic link that points to an arbitrary file on the server. When the Budibase platform processes this ZIP file, it incorrectly handles the symbolic link, allowing the attacker to read any file accessible by the server process. The content of this file is then streamed back to the attacker through an asset-fetching endpoint.
- Requires builder access.
- ZIP file with symbolic link.
- Read any server file.
Live Threat
Current exploitation, exposure, and threat context
When supported by the advisory, a workspace-level builder could access and exfiltrate any file readable by the Budibase server process, potentially exposing sensitive information stored on the server.
- Server files could be at risk.
- Malicious zip uploaded via API.
- Unauthorized data exfiltration may occur.
Operational Fix
Recommended remediation, mitigation, and detection steps
The Budibase platform's backend is likely managed by the infrastructure or platform team, while application-specific configurations and criticality would fall under application owners. Security and network teams should verify external exposure and implement access controls. The initial step is to identify all Budibase instances, assess their reachability and business impact, and then coordinate remediation with accountable teams.
- Identify Budibase instances and assess impact.
- Confirm reachability and business criticality.
- Plan remediation with accountable owners.