CVE-2024-34693: Apache Superset SQLi Vulnerability

CVE-2024-34693 is an improper input validation flaw (CWE-20) in Apache Superset's database-connection handling: an authenticated user can create a MariaDB connection with local_infile enabled and, when both the MariaDB server and the client library on the Superset host permit it, use LOAD DATA LOCAL INFILE to read files from the Superset server into a database table. It is not a classic SQL injection: the attacker controls a connection parameter and then runs a legitimate statement, not a crafted query fragment. This article covers technical details, affected versions, and mitigation.

Updated: January 22, 2026

CVE-2024-34693 Overview

CVE-2024-34693 is an Improper Input Validation vulnerability in Apache Superset that allows an authenticated user to create a MariaDB connection with local_infile enabled. LOAD DATA LOCAL INFILE reads the named file on the client side of the connection, and the client here is the Superset web server. When both the MariaDB server (which the advisory describes as having the feature off by default) and the MySQL client library on the Superset host allow local infile, the attacker can run that statement to read files the Superset process can access and insert their contents into a MariaDB table.

The concern for organizations running Apache Superset with MariaDB connections is that the database-connection screen, a legitimate and routinely used interface, becomes a channel for reading files off the Superset host.

Critical Impact

Authenticated attackers can read files that the Superset server process is permitted to access and exfiltrate them through MariaDB table writes, provided both the server and the client library allow local infile. The impact is confidentiality only (CVSS C:H/I:N/A:N); the vulnerability does not by itself modify or disrupt the Superset host.

Affected Products

  • Apache Superset versions before 3.1.3
  • Apache Superset version 4.0.0
  • Exposure in practice requires a MariaDB (MySQL-protocol) connection that a Superset user can create or edit, with local infile permitted by both the MariaDB server and the client library on the Superset host; connections to other database engines do not carry the local_infile option

Discovery Timeline

  • June 20, 2024 - CVE-2024-34693 published to NVD
  • February 13, 2025 - Last updated in NVD database

Technical Details for CVE-2024-34693

Vulnerability Analysis

The flaw is in how Apache Superset handles database-connection parameters. Superset lets the creator of a connection pass driver options alongside the SQLAlchemy URI, and for MariaDB connections it did not reject the local_infile option. In MySQL and MariaDB, local_infile enables the LOAD DATA LOCAL INFILE statement, which reads a file from the client machine (here the Superset web server) and loads its lines into a table.

Exploitation requires valid Superset credentials with permission to create or edit database connections. From there the attacker configures a MariaDB connection with local_infile on and runs LOAD DATA LOCAL INFILE through it. The database is only the destination: the file is read by the Superset host, so what leaves the server is whatever the Superset process can read. Note that the attacker chooses which MariaDB server the connection points at, so the destination may be one they control rather than one you administer.

Successful exploitation also depends on the MySQL client library on the Superset host allowing local infile and on the destination MariaDB server accepting it. Do not rely on the documented default for the server-side setting; check the effective value with SHOW GLOBAL VARIABLES LIKE 'local_infile' on every server Superset can reach.

Root Cause

The root cause of CVE-2024-34693 is insufficient validation of database connection parameters in Apache Superset. The application does not properly sanitize or restrict the local_infile setting when users create MariaDB database connections. This allows authenticated users to enable a potentially dangerous feature that should be controlled by administrators only.

The vulnerability is classified under CWE-20 (Improper Input Validation), as the application fails to validate that the connection parameters conform to secure configuration requirements.

Attack Vector

The attack is network-based and requires authentication to the Apache Superset application. The attacker must:

  1. Authenticate to a vulnerable Apache Superset instance with an account that can create or edit database connections
  2. Create a MariaDB connection whose driver options enable local_infile
  3. Execute LOAD DATA LOCAL INFILE statements through that connection; the file is read on the Superset host and sent to the database
  4. Query the resulting table back through Superset to retrieve the file contents

The attack turns the web application's database-connection feature into file system read access on the underlying server. Readable files are limited to what the Superset process can open, which in practice includes the Superset configuration file, credentials it references, application source code, and other sensitive data.

Detection Methods for CVE-2024-34693

Indicators of Compromise

  • MariaDB database connections in Superset whose driver options or URI query string enable local_infile
  • SQL query logs showing LOAD DATA LOCAL INFILE statements arriving from the Superset host
  • Database tables containing rows that look like configuration files, credentials, or source code
  • File reads on the Superset host that line up with the timestamps of those statements

Detection Strategies

  • Inspect stored Superset connection definitions (both the SQLAlchemy URI query string and the extra driver options) for local_infile
  • Log SQL statements on the MariaDB side and alert on LOAD DATA LOCAL INFILE, normalizing away comments so split keywords are still caught
  • Review Superset audit logs for database-connection creation and edits, especially by non-administrative users
  • Monitor outbound connections from the Superset host for database sessions to hosts that are not approved data sources, since an attacker can point a new connection at a server they control

Monitoring Recommendations

  • Enable audit logging for Apache Superset database-connection management
  • Configure the MariaDB general query log (or a lighter statement-level audit) so LOAD DATA LOCAL INFILE statements and the Connect events that identify the calling account are captured
  • Audit read access to sensitive files on the Superset host, such as the Superset configuration file; file integrity monitoring alone will not see a read, so use a read-access audit rule (for example an auditd watch with a read permission filter)
  • Alert on new database connections that carry non-standard driver options

How to Mitigate CVE-2024-34693

Immediate Actions Required

  • Upgrade Apache Superset to version 4.0.1 or 3.1.3 immediately
  • Review all existing MariaDB database connections in Superset for local_infile in the driver options or URI query string, and remove it
  • Set local_infile=0 on the MariaDB servers you operate and verify with SHOW GLOBAL VARIABLES LIKE 'local_infile'; this does not help if an attacker points Superset at a server they control, so it complements the upgrade rather than replacing it
  • Audit user permissions and restrict database-connection creation and editing to trusted administrators

Patch Information

Apache recommends upgrading to Apache Superset version 4.0.1 or 3.1.3, which address this vulnerability by implementing proper input validation for database connection parameters. The patches prevent users from enabling local_infile through the Superset interface, regardless of the underlying database server configuration.

For additional security information and discussion, refer to the Apache Security Thread Discussion and the Openwall OSS Security Update.
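As an added example (not code from this page or from the Superset project), the following Python script implements the two checks called for in the detection section and the pre-save guard the patch is described as adding: it audits stored connection definitions for local_infile and scans a MariaDB general query log for LOAD DATA LOCAL INFILE, joining each hit to the Connect event of the same thread so the alert names the calling account. Assumptions: connection records carry Superset's database_name, sqlalchemy_uri and extra columns, with driver options stored in extra under engine_params.connect_args; log lines follow MariaDB's tab-separated general-log layout; all sample rows and log lines are constructed.

```python
"""Audit stored Superset connections and a MariaDB general query log for the traces
CVE-2024-34693 abuse leaves: a MySQL-family connection whose driver options enable
local_infile, and LOAD DATA LOCAL INFILE statements run over it. Every record and
log line below is a constructed sample."""
import json
import re
from urllib.parse import parse_qs, urlsplit

_TRUTHY = {"1", "true", "yes", "on"}

def _truthy(value) -> bool:
    """Accept the spellings drivers take for local_infile: 1, True, "1", "true"."""
    if isinstance(value, bool):
        return value
    if isinstance(value, (int, float)):
        return value != 0
    return str(value).strip().lower() in _TRUTHY

def connection_enables_local_infile(sqlalchemy_uri: str, extra=None) -> bool:
    """True if this connection would hand local_infile=1 to a MySQL/MariaDB driver.
    Assumed layout: driver options live in the connection's 'extra' JSON under
    engine_params.connect_args; the URI query string is checked as well, since
    SQLAlchemy's MySQL dialects pass local_infile through from there."""
    url = urlsplit(sqlalchemy_uri)
    if not url.scheme.lower().startswith(("mysql", "mariadb")):
        return False  # local_infile exists only in the MySQL protocol family
    if any(_truthy(v) for v in parse_qs(url.query).get("local_infile", [])):
        return True
    try:
        args = json.loads(extra or "{}").get("engine_params", {}).get("connect_args", {})
    except (json.JSONDecodeError, AttributeError):
        return False  # malformed extra: nothing a driver could act on
    return _truthy(args.get("local_infile", 0))

def audit_connections(records) -> list:
    """Detection sweep: names of stored connections that enable local_infile."""
    return [r["database_name"] for r in records
            if connection_enables_local_infile(r["sqlalchemy_uri"], r.get("extra"))]

def reject_if_local_infile(record: dict) -> dict:
    """Pre-save guard in the spirit of the 3.1.3 / 4.0.1 fix: refuse to persist a
    connection that turns local_infile on. Illustrative, not Superset's own code."""
    if connection_enables_local_infile(record["sqlalchemy_uri"], record.get("extra")):
        raise ValueError(f"{record['database_name']}: local_infile is not permitted")
    return record

# MariaDB general log layout: "<yymmdd hh:mm:ss>\t<thread id> <Command>\t<Argument>";
# the timestamp is blank when it repeats the previous line's (assumed format).
_LOG_LINE = re.compile(
    r"^(?P<ts>\d{6} \d\d:\d\d:\d\d|\d{4}-\d\d-\d\dT[\d:.]+Z?)?\s*(?P<tid>\d+)\s+"
    r"(?P<cmd>Connect|Query|Execute|Prepare|Init DB|Quit)\s*(?P<arg>.*)$")
_LOCAL_INFILE = re.compile(
    r"\bLOAD\s+DATA\s+(?:LOW_PRIORITY\s+|CONCURRENT\s+)?LOCAL\s+INFILE\b", re.IGNORECASE)

def _strip_literals(sql: str) -> str:
    """Blank out quoted strings and /* */ comments so a keyword inside a string
    literal does not alert while comment-split keywords (LOAD/**/DATA) still do."""
    sql = re.sub(r"'(?:[^'\\]|\\.)*'|\"(?:[^\"\\]|\\.)*\"", "''", sql)
    return re.sub(r"/\*.*?\*/", " ", sql, flags=re.DOTALL)

def scan_general_log(text: str) -> list:
    """One finding per LOAD DATA LOCAL INFILE, joined to the Connect line of the same
    thread id so the alert names the database account and source host."""
    findings, sessions, last_ts = [], {}, ""
    for raw in text.splitlines():
        m = _LOG_LINE.match(raw)
        if not m:
            continue
        last_ts = m["ts"] or last_ts
        tid, cmd, arg = m["tid"], m["cmd"], m["arg"]
        if cmd == "Connect":
            sessions[tid] = arg
        elif cmd in ("Query", "Execute") and _LOCAL_INFILE.search(_strip_literals(arg)):
            findings.append({"time": last_ts, "thread": tid,
                             "client": sessions.get(tid, "unknown"), "statement": arg})
    return findings

# Constructed rows shaped like Superset's stored connections (dbs table columns).
_LOCAL_ON = json.dumps({"engine_params": {"connect_args": {"local_infile": 1}}})
SAMPLE_CONNECTIONS = [
    {"database_name": "sales", "sqlalchemy_uri": "mysql://ro@db.internal/sales", "extra": "{}"},
    {"database_name": "scratch", "sqlalchemy_uri": "mysql://app@db.internal/scratch", "extra": _LOCAL_ON},
    {"database_name": "warehouse", "sqlalchemy_uri": "postgresql://ro@pg.internal/dw", "extra": _LOCAL_ON},
    {"database_name": "legacy", "extra": "",
     "sqlalchemy_uri": "mysql+pymysql://app@db.internal/legacy?local_infile=1"},
]

# Constructed MariaDB general-log excerpt, tab-separated as the server writes it.
SAMPLE_LOG = (
    "240620 12:34:56\t    42 Connect\tsuperset@10.0.0.5 as anonymous on scratch\n"
    "\t    42 Query\tCREATE TABLE IF NOT EXISTS dump (line TEXT)\n"
    "240620 12:35:01\t    42 Query\tLOAD DATA /*!*/ LOCAL INFILE '/app/superset_config.py'"
    " INTO TABLE dump LINES TERMINATED BY '\\n'\n"
    "\t    43 Connect\treporting@10.0.0.9 as anonymous on reporting\n"
    "\t    43 Query\tSELECT COUNT(*) FROM notes WHERE body LIKE '%load data local infile%'\n"
    "\t    42 Quit\t\n"
)

if __name__ == "__main__":
    print("local_infile connections:", audit_connections(SAMPLE_CONNECTIONS))
    for f in scan_general_log(SAMPLE_LOG):
        print(f"{f['time']} thread {f['thread']} {f['client']}: {f['statement']}")
```

Run directly, it reports the two MySQL-family connections that enable local_infile (the PostgreSQL row with the same option is ignored, because the option means nothing there) and the single LOAD DATA LOCAL INFILE statement, attributed to the superset@10.0.0.5 session. The literal-stripping step matters in both directions: a LIKE '%load data local infile%' inside a string must not alert, while LOAD DATA /*!*/ LOCAL INFILE with a comment between the keywords must.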

Workarounds

  • Disable local_infile on the MariaDB server by setting local_infile=0 in the server configuration; the variable is dynamic, so SET GLOBAL local_infile=0 takes effect immediately and the configuration change keeps it across restarts
  • Make sure the MySQL client library used by Superset does not enable local infile; this is the control that protects the Superset host regardless of which server a connection points at
  • Restrict outbound connectivity from the Superset host to approved database servers, and run Superset under a least-privilege account so that a successful file read exposes as little as possible
  • Limit the ability to create or modify database connections in Superset to trusted administrators
```ini
# MariaDB server configuration: add to the [mysqld] section of my.cnf or mariadb.cnf
[mysqld]
local_infile=0
```

```bash
# Restart the MariaDB service so the configuration change takes effect
sudo systemctl restart mariadb
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: SQLi (site classification; the CWE recorded for this CVE is CWE-20, Improper Input Validation)
  • Vendor/Tech: Apache Superset
  • Severity: MEDIUM
  • CVSS Score: 5.3
  • EPSS Probability: 12.37%
  • Known Exploited: No
  • CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Assessment

  • Confidentiality: High
  • Integrity: None
  • Availability: None

CWE References

  • CWE-20
  • NVD-CWE-noinfo

Technical References

  • Openwall OSS Security Update
  • Apache Security Thread Discussion

Related CVEs

  • CVE-2026-23969: Apache Superset SQLi Vulnerability
  • CVE-2026-23980: Apache Superset SQLi Vulnerability
  • CVE-2024-39887: Apache Superset SQLi Vulnerability
  • CVE-2023-49736: Apache Superset SQL Injection Vulnerability
©2026 SentinelOne, All Rights Reserved.
