Databricks resource local file inclusion
A vulnerability in the Retool Databricks Resource Connector allowed a Local File Inclusion (LFI) attack. An attacker exploiting this vulnerability could have viewed any file in your DBConnector deployment. If you do not run separate DBConnector and Backend deployments, the attacker could also have viewed any file in your Backend deployment. By default, Retool does not bundle sensitive files or cryptographic keys in DBConnector.
To exploit this vulnerability, an attacker would need access to an active account in your instance with either resource creation permissions or edit permissions on an existing Databricks resource.
As part of remediating this issue, Retool no longer supports semicolons in resource credentials for Databricks resources.
| Detail | Description |
|---|---|
| Vulnerability Type | CWE-73: External Control of File Name or Path |
| Affected Component | Databricks Resource DBConnector |
| Attack Type | Remote |
| Impact | Information Disclosure |
Affected and patched release versions
Retool has released the following patches for Stable and Edge channel releases of self-hosted Retool.
| Channel | Affected version | Patched version |
|---|---|---|
| Edge | 3.300.3 and earlier | 3.300.4 |
| 3.284 Stable | 3.284.0 to 3.284.10 | 3.284.11 |
| 3.253 Stable | 3.253.0 to 3.253.18 | 3.253.19 |