Tandoor Recipes is a recipe manager that can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default `MEDIA_ROOT`, the full database file may be externally accessible, potentially on the Internet. The root cause is that the NixOS module configures the working directory of Tandoor Recipes, as well as the value of `MEDIA_ROOT`, to be `/var/lib/tandoor-recipes`. This causes Tandoor Recipes to create its `db.sqlite3` database file in the same directory as `MEDIA_ROOT`, causing it to be accessible without authentication through HTTP like any other media file.
This is the case when using `GUNICORN_MEDIA=1` or when using a web server like nginx to serve media files. NixOS 26.05 changes the default value of `MEDIA_ROOT` to a subfolder of the data directory. This only applies to configurations with `system.stateVersion` >= 26.05. For older configurations, one of the workarounds should be applied instead.
NixOS 25.11 has received a backport of this patch, though it doesn't fix this vulnerability without user intervention. A recommended workaround is to move `MEDIA_ROOT` into a subdirectory. Non-recommended workarounds include switching to PostgreSQL or disallowing access to `db.sqlite3`. Organizations should prioritize patching immediately.
Risk to organizations includes unauthorized access to sensitive data, which could lead to data breaches or misuse of the information contained within the database.
Given the high CVSS score of 8.7, this vulnerability poses significant risks and necessitates immediate attention from security teams.
Vulnerability Details
The vulnerability is classified under CWE-538 (Insertion of Sensitive Information into an Externally-Accessible File or Directory): a configuration issue that places sensitive data where it can be retrieved without authorization. The CVSS score of 8.7 reflects high severity: the vulnerability can be exploited over the network with low attack complexity and requires no privileges or user interaction.
Technical Analysis
The root cause of this vulnerability stems from the configuration of the NixOS module, which sets `MEDIA_ROOT` to the same directory as the application's working directory. Because Tandoor Recipes creates `db.sqlite3` in its working directory, the database file ends up inside the publicly served media location, making it accessible without authentication. The attack vector is network-based, with a low attack complexity, meaning that an attacker could exploit this vulnerability without significant effort.
Furthermore, this vulnerability does not require any privileges or user interaction for exploitation, thus increasing the risk significantly.
Risk & Impact Analysis
Organizations using versions of Tandoor Recipes affected by this vulnerability could face severe repercussions, including data exposure and potential regulatory non-compliance if sensitive information is accessed. The blast radius, given the nature of the data potentially exposed, could be extensive, affecting not just the application but also user trust and organizational reputation.
The urgency for remediation is high, and organizations should address this vulnerability in their priority patch cycle. Given the CVSS score of 8.7, the risks associated with this vulnerability necessitate immediate action.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
This vulnerability affects Tandoor Recipes versions starting from 23.05 up to, but not including, 26.05. Organizations running these versions should apply recommended workarounds or update to NixOS 26.05 or later.
Mitigation & Remediation
Organizations should implement the recommended workarounds promptly. A suggested workaround is to move the `MEDIA_ROOT` directory into a subdirectory to prevent unauthorized access. If patching is not feasible immediately, consider restricting access to the `db.sqlite3` database file or switching to PostgreSQL as a temporary measure.
For further guidance on security testing, organizations can consult the penetration testing services offered by AppSecure.
Detection Guidance
Organizations should monitor web server and application logs for requests that retrieve the SQLite database file through the media path. Behavioral anomalies such as unexpected access patterns to media files should be investigated. Network signatures can also help identify potential exploitation attempts.
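The following Python example is added here and is not part of the original advisory or of the Tandoor Recipes project. It covers both the root cause described at the top of the page (a containment check that flags a deployment whose `db.sqlite3` lands under `MEDIA_ROOT`) and the detection guidance above (a scan over constructed access-log lines for fetches of the database through the media URL). It assumes a combined-log-format web server log and a Django `MEDIA_URL` of `/media/`; adjust both for your deployment.

```python
import os
import re
from typing import List

# Defaults mirroring the advisory: the NixOS module pointed both the working
# directory and MEDIA_ROOT at /var/lib/tandoor-recipes.
DEFAULT_STATE_DIR = "/var/lib/tandoor-recipes"
DB_FILE = "db.sqlite3"
MEDIA_URL = "/media/"  # assumed Django MEDIA_URL; adjust if yours differs


def db_exposed_via_media(working_dir: str, media_root: str, db_file: str = DB_FILE) -> bool:
    """True when the SQLite file created in working_dir resides under MEDIA_ROOT.

    Tandoor creates db.sqlite3 relative to its working directory, and anything
    under MEDIA_ROOT is served without authentication, so containment == exposure.
    """
    db_path = os.path.realpath(os.path.join(working_dir, db_file))
    media_real = os.path.realpath(media_root)
    return os.path.commonpath([db_path, media_real]) == media_real


# Constructed combined-log-format lines for this example (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2026:12:00:01 +0000] "GET /media/recipes/cake.jpg HTTP/1.1" 200 5123
203.0.113.5 - - [10/Mar/2026:12:00:02 +0000] "GET /media/db.sqlite3 HTTP/1.1" 200 1048576
203.0.113.5 - - [10/Mar/2026:12:00:03 +0000] "GET /media/db.sqlite3-wal HTTP/1.1" 404 153
198.51.100.7 - - [10/Mar/2026:12:00:04 +0000] "GET /api/recipe/ HTTP/1.1" 200 2048
"""

# client, method, path, status, size from a combined-log-format line
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')
# The database file plus SQLite's side files (-journal, -wal, -shm), which are
# written next to it and would therefore be served from the same location.
SQLITE_NAME_RE = re.compile(r"/db\.sqlite3(?:-journal|-wal|-shm)?$")


def find_db_fetches(log_text: str, media_url: str = MEDIA_URL) -> List[dict]:
    """One record per request that fetched the SQLite database via the media URL."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, path, status, size = m.groups()
        if path.startswith(media_url) and SQLITE_NAME_RE.search(path):
            # A 2xx status means the file was actually handed out, not just requested.
            hits.append({"client": client, "path": path, "status": int(status),
                         "served": status.startswith("2")})
    return hits
```

A 2xx hit for `db.sqlite3` under the media path means the database was actually downloaded, which should be treated as a confirmed exposure rather than an attempt.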
AppSecure Threat Intelligence Insight
The long-term significance of this vulnerability is notable as it highlights the critical importance of secure configuration in application deployments. Security teams should take this incident as a learning opportunity to reassess their configuration management practices to avoid similar vulnerabilities in the future.
Organizations may also benefit from reviewing their overall vulnerability management program to ensure comprehensive coverage against such exposure risks.
Additionally, investing in ongoing penetration testing practices can help identify configuration issues before they are exploited.
Finally, security teams should stay informed about emerging vulnerabilities to enhance their proactive defense strategies. Regular updates and training on the latest security trends and threats can greatly reduce the risk of similar future vulnerabilities.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.