GHSA-gh9f-6xm2-c4j2: 
Rust vulnerability analysis and mitigation

A moderate severity vulnerability (GHSA-gh9f-6xm2-c4j2) was discovered in SurrealDB affecting versions <=1.5.3 and <=2.0.0-alpha.5. The vulnerability involves improper authentication validation when an authenticated scope user attempts to switch working databases using the 'use' method or USE clause. This issue specifically affects scope users and does not impact system users at any level (GitHub Advisory).

The vulnerability occurs when an authenticated scope user switches databases within a session. If a user record in the new database has an identical record identifier as the original authenticated user's record, the session could gain unauthorized access under the identity of the unrelated user in the new database. The issue has a CVSS v3.1 score of 6.3 (Moderate) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L, indicating network vector attack with low complexity and required privileges (GitHub Advisory).

Under specific circumstances, an authenticated scope user could become authorized to query data under the identity of another user with a matching record identifier in a different database within the same SurrealDB instance. This is particularly possible when PERMISSIONS clauses rely exclusively on the $auth parameter. The impact is limited to single users with matching record identifiers and is mitigated in cases where table PERMISSIONS explicitly check for database-specific scopes or authentication token claims (GitHub Advisory).

The issue has been patched in versions 1.5.4 and 2.0.0-alpha.6. For users unable to update, recommended workarounds include ensuring table PERMISSIONS clauses explicitly check that the $scope parameter matches a scope uniquely named across databases in the same SurrealDB instance. Additionally, ensuring that record identifiers for users are automatically generated or explicitly generated to be unique across databases can mitigate the issue (GitHub Advisory).