GHSA-9722-9j67-vjcr: 
Rust vulnerability analysis and mitigation

The vulnerability (GHSA-9722-9j67-vjcr) is an Improper Authorization issue in SurrealDB's Select Permissions, discovered and disclosed on October 8, 2024. It affects SurrealDB versions prior to 2.0.4 and surrealdb-core package versions below 2.0.4. The vulnerability stems from the order in which permissions were processed, potentially leading to unauthorized access to field values and record contents (GitHub Advisory).

The vulnerability manifests in several scenarios: 1) SELECT VALUE operations bypassing field permissions due to non-iterable values, 2) field aliasing circumventing SELECT permissions by checking against the aliased field instead of the original, 3) function calls in SELECT queries accessing field values before permission checks, 4) WHERE clauses processing protected fields before permission validation, 5) RETURN BEFORE clause exposing record contents despite lack of SELECT permissions, and 6) UPDATE operations allowing access to restricted field values through SET clauses. The vulnerability has a CVSS v4 score of 7.1 (High), with Network attack vector, Low attack complexity, and High confidentiality impact (GitHub Advisory).

The vulnerability allows clients with table-level SELECT permissions to gain knowledge of field values they shouldn't have access to, even when field-level permissions restrict such access. Additionally, clients with UPDATE or DELETE permissions but without SELECT permissions could potentially access record contents. This primarily affects deployments using SurrealDB as a backend-as-a-service rather than as a traditional database backend (GitHub Advisory).

For users unable to update to version 2.0.4 or later, two workarounds are recommended: 1) Instead of relying on field permissions for SELECT operations, restrict read access at the table level, and 2) When allowing UPDATE or DELETE operations via table permissions, do not rely on SELECT permission restrictions - instead, explicitly prevent clients from accessing records they shouldn't be able to view. The permanent fix implemented in version 2.0.4 improves permission evaluation timing and ensures unauthorized users cannot access protected information (GitHub Advisory).