Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
18 vulnerabilities by yugabyte
CVE-2024-41435 (GCVE-0-2024-41435)
Vulnerability from cvelistv5 – Published: 2024-09-03 00:00 – Updated: 2024-09-03 20:15
VLAI
Summary
YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yugabyte | yugabytedb |
Affected:
2.21.1.0
cpe:2.3:a:yugabyte:yugabytedb:2.21.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:yugabyte:yugabytedb:2.21.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yugabytedb",
"vendor": "yugabyte",
"versions": [
{
"status": "affected",
"version": "2.21.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41435",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T20:13:37.543021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T20:15:08.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the \"insert into\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T19:10:16.203Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/yugabyte/yugabyte-db/issues/22967"
},
{
"url": "https://gist.github.com/ycybfhb/1427881e7db911786837d32b0669e06b"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41435",
"datePublished": "2024-09-03T00:00:00.000Z",
"dateReserved": "2024-07-18T00:00:00.000Z",
"dateUpdated": "2024-09-03T20:15:08.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6002 (GCVE-0-2023-6002)
Vulnerability from cvelistv5 – Published: 2023-11-07 23:56 – Updated: 2024-09-17 13:03
VLAI
Title
Log Injection
Summary
YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.yugabyte.com/ |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| YugabyteDB | YugabyteDB |
Affected:
2.0.0.0 , ≤ 2.14.13.0, 2.16.7.0, 2.18.3.0
(semver)
Unaffected: 2.14.14.0 Unaffected: 2.16.8.0 Unaffected: 2.18.4.0 |
Date Public
2023-11-07 23:03
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:25.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.yugabyte.com/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T13:19:18.227681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:03:18.141Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"Docker",
"Kubernetes",
"MacOS"
],
"product": "YugabyteDB",
"vendor": "YugabyteDB",
"versions": [
{
"lessThanOrEqual": "2.14.13.0, 2.16.7.0, 2.18.3.0",
"status": "affected",
"version": "2.0.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2.14.14.0"
},
{
"status": "unaffected",
"version": "2.16.8.0"
},
{
"status": "unaffected",
"version": "2.18.4.0"
}
]
}
],
"datePublic": "2023-11-07T23:03:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eYugabyteDB is vulnerable to cross site scripting (XSS) via log injection.\u0026nbsp;Writing invalidated user input to log files can allow an unprivileged\u0026nbsp;attacker to forge log entries or inject malicious content into the logs.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "YugabyteDB is vulnerable to cross site scripting (XSS) via log injection.\u00a0Writing invalidated user input to log files can allow an unprivileged\u00a0attacker to forge log entries or inject malicious content into the logs.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-93",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-93: Log Injection-Tampering-Forging"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117: Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T19:18:33.398Z",
"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"shortName": "Yugabyte"
},
"references": [
{
"url": "https://www.yugabyte.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Log Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"assignerShortName": "Yugabyte",
"cveId": "CVE-2023-6002",
"datePublished": "2023-11-07T23:56:50.729Z",
"dateReserved": "2023-11-07T22:20:00.534Z",
"dateUpdated": "2024-09-17T13:03:18.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6001 (GCVE-0-2023-6001)
Vulnerability from cvelistv5 – Published: 2023-11-07 23:25 – Updated: 2024-09-17 13:03
VLAI
Title
Prometheus Metrics Accessible Pre-Authentication
Summary
Prometheus metrics are available without
authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.yugabyte.com/ |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| YugabyteDB | YugabyteDB Anywhere |
Affected:
2.0.0.0 , ≤ 2.18.3.0
(semver)
Unaffected: 2.18.4.0 Unaffected: 2.20.0.0 |
Date Public
2023-11-07 23:03
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:25.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.yugabyte.com/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T13:20:00.460298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:03:52.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"Docker",
"Kubernetes"
],
"product": "YugabyteDB Anywhere",
"vendor": "YugabyteDB",
"versions": [
{
"lessThanOrEqual": "2.18.3.0",
"status": "affected",
"version": "2.0.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2.18.4.0"
},
{
"status": "unaffected",
"version": "2.20.0.0"
}
]
}
],
"datePublic": "2023-11-07T23:03:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prometheus metrics are available without\nauthentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment."
}
],
"value": "Prometheus metrics are available without\nauthentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T19:19:02.713Z",
"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"shortName": "Yugabyte"
},
"references": [
{
"url": "https://www.yugabyte.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Prometheus Metrics Accessible Pre-Authentication",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"assignerShortName": "Yugabyte",
"cveId": "CVE-2023-6001",
"datePublished": "2023-11-07T23:25:16.135Z",
"dateReserved": "2023-11-07T22:19:55.387Z",
"dateUpdated": "2024-09-17T13:03:52.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4640 (GCVE-0-2023-4640)
Vulnerability from cvelistv5 – Published: 2023-08-30 16:42 – Updated: 2024-10-01 18:31
VLAI
Title
Set Logging Level Without Authentication
Summary
The controller responsible for setting the logging level does not include any authorization
checks to ensure the user is authenticated. This can be seen by noting that it extends
Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.3
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.yugabyte.com/ |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| YugabyteDB | Anywhere |
Affected:
2.0.0 , ≤ 2.17.3
(2.17.3.0)
|
Date Public
2023-08-30 16:42
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.yugabyte.com/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T18:31:41.822513Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T18:31:56.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Anywhere",
"repo": "https://github.com/yugabyte/yugabyte-db",
"vendor": "YugabyteDB",
"versions": [
{
"lessThanOrEqual": "2.17.3",
"status": "affected",
"version": "2.0.0",
"versionType": "2.17.3.0"
}
]
}
],
"datePublic": "2023-08-30T16:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThe controller responsible for setting the logging level does not include any authorization\nchecks to ensure the user is authenticated. This can be seen by noting that it extends\n\u003c/span\u003e\u003cspan style=\"background-color: rgb(246, 246, 246);\"\u003eController \u003c/span\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003erather than \u003c/span\u003e\u003cspan style=\"background-color: rgb(246, 246, 246);\"\u003eAuthenticatedController \u003c/span\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eand includes no further checks.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThis issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.3\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The controller responsible for setting the logging level does not include any authorization\nchecks to ensure the user is authenticated. This can be seen by noting that it extends\nController rather than AuthenticatedController and includes no further checks.\u00a0This issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.3\n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-30T16:42:45.242Z",
"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"shortName": "Yugabyte"
},
"references": [
{
"url": "https://www.yugabyte.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Set Logging Level Without Authentication",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"assignerShortName": "Yugabyte",
"cveId": "CVE-2023-4640",
"datePublished": "2023-08-30T16:42:45.242Z",
"dateReserved": "2023-08-30T16:41:56.711Z",
"dateUpdated": "2024-10-01T18:31:56.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0575 (GCVE-0-2023-0575)
Vulnerability from cvelistv5 – Published: 2023-02-09 16:12 – Updated: 2025-03-24 18:34
VLAI
Title
Remote Code Execution
Summary
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py.
This issue affects Yugabyte DB: Lesser then 2.2.0.0
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.yugabyte.com/ |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| YugabyteDB | YugabyteDB |
Affected:
2.0 , < 2.15
(2.0 to 2.14)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:49.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.yugabyte.com/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0575",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T17:33:06.055344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T18:34:16.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"DevopsBase.java:execCommand",
"TableManager.java:runCommand"
],
"platforms": [
"Linux",
"Docker",
"Kubernetes",
"MacOS"
],
"product": "YugabyteDB",
"vendor": "YugabyteDB",
"versions": [
{
"lessThan": "2.15",
"status": "affected",
"version": "2.0",
"versionType": "2.0 to 2.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "External Control of Critical State Data, Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ebackup.Py\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects Yugabyte DB: Lesser then 2.2.0.0\u003c/p\u003e"
}
],
"value": "External Control of Critical State Data, Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py.\n\nThis issue affects Yugabyte DB: Lesser then 2.2.0.0\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 API Manipulation"
}
]
},
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-642",
"description": "CWE-642: External Control of Critical State Data",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-10T22:22:52.652Z",
"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"shortName": "Yugabyte"
},
"references": [
{
"url": "https://www.yugabyte.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use Yugabyte version\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cb\u003e2.3.3.0-b106\u0026nbsp;\u003c/b\u003eor higher.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Use Yugabyte version\u00a02.3.3.0-b106\u00a0or higher.\n\n"
}
],
"source": {
"defect": [
"PLAT-3444"
],
"discovery": "INTERNAL"
},
"title": "Remote Code Execution",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn \u003c/span\u003e\u003ccode\u003eyugaware/config/configs\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e folder there is a file \u003c/span\u003e\u003ccode\u003eacceptableKeys.yaml\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e which contains a list of acceptable keys for different types of providers. Edit it and restart the Yugaware process to reload the list.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In yugaware/config/configs folder there is a file acceptableKeys.yaml which contains a list of acceptable keys for different types of providers. Edit it and restart the Yugaware process to reload the list.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"assignerShortName": "Yugabyte",
"cveId": "CVE-2023-0575",
"datePublished": "2023-02-09T16:12:46.327Z",
"dateReserved": "2023-01-30T08:16:20.523Z",
"dateUpdated": "2025-03-24T18:34:16.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0745 (GCVE-0-2023-0745)
Vulnerability from cvelistv5 – Published: 2023-02-09 16:08 – Updated: 2025-03-24 18:33
VLAI
Title
Arbitrary File Write in High Availability Backup Upload
Summary
The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary
files through the backup upload endpoint by using path traversal characters.
This vulnerability is associated with program files PlatformReplicationManager.Java.
This issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.yugabyte.com/ | issue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| YugabyteDB | YugabyteDB Anywhere |
Affected:
2.0 , ≤ 2.13
(2.0 to 2.13)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.yugabyte.com/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T17:33:21.113674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T18:33:37.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"Docker",
"Kubernetes"
],
"product": "YugabyteDB Anywhere",
"vendor": "YugabyteDB",
"versions": [
{
"lessThanOrEqual": "2.13",
"status": "affected",
"version": "2.0",
"versionType": "2.0 to 2.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\u003cdiv\u003e\n\t\t\t\u003cdiv\u003e\n\t\t\t\t\u003cdiv\u003e\n\t\t\t\t\t\u003cp\u003eThe High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary\nfiles through the backup upload endpoint by using path traversal characters.\n\u003c/p\u003e\n\t\t\t\t\u003c/div\u003e\n\t\t\t\u003c/div\u003e\n\t\t\u003c/div\u003e\n\t\n\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ePlatformReplicationManager.Java\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0\u003c/p\u003e"
}
],
"value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tThe High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary\nfiles through the backup upload endpoint by using path traversal characters.\n\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n This vulnerability is associated with program files PlatformReplicationManager.Java.\n\nThis issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-10T22:31:06.154Z",
"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"shortName": "Yugabyte"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://www.yugabyte.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in version 2.14 onwards . "
}
],
"value": "Fixed in version 2.14 onwards . "
}
],
"source": {
"defect": [
"PLAT-3445"
],
"discovery": "INTERNAL"
},
"title": "Arbitrary File Write in High Availability Backup Upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"assignerShortName": "Yugabyte",
"cveId": "CVE-2023-0745",
"datePublished": "2023-02-09T16:08:57.723Z",
"dateReserved": "2023-02-08T12:08:53.977Z",
"dateUpdated": "2025-03-24T18:33:37.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0574 (GCVE-0-2023-0574)
Vulnerability from cvelistv5 – Published: 2023-02-09 14:55 – Updated: 2025-03-24 18:33
VLAI
Title
Server-Side Request Forgery
Summary
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.yugabyte.com/ |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| YugabyteDB | YugabyteDB Anywhere |
Affected:
2.0.0.0 , ≤ 2.13.0.0
(2.0 to 2.13)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:49.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.yugabyte.com/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T17:34:08.279514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T18:33:02.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"UniverseCRUDHandler.java"
],
"platforms": [
"Linux",
"Docker",
"Kubernetes"
],
"product": "YugabyteDB Anywhere",
"vendor": "YugabyteDB",
"versions": [
{
"lessThanOrEqual": "2.13.0.0",
"status": "affected",
"version": "2.0.0.0",
"versionType": "2.0 to 2.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.\u003cp\u003eThis issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
},
{
"capecId": "CAPEC-216",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-216 Communication Channel Manipulation"
}
]
},
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-10T22:20:52.094Z",
"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"shortName": "Yugabyte"
},
"references": [
{
"url": "https://www.yugabyte.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in version 2.14 onwards .\u0026nbsp;"
}
],
"value": "Fixed in version 2.14 onwards .\u00a0"
}
],
"source": {
"defect": [
"PLAT-3195"
],
"discovery": "INTERNAL"
},
"title": "Server-Side Request Forgery",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"assignerShortName": "Yugabyte",
"cveId": "CVE-2023-0574",
"datePublished": "2023-02-09T14:55:29.165Z",
"dateReserved": "2023-01-30T08:15:55.659Z",
"dateUpdated": "2025-03-24T18:33:02.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37397 (GCVE-0-2022-37397)
Vulnerability from cvelistv5 – Published: 2022-08-12 18:01 – Updated: 2024-08-03 10:29
VLAI
Title
The software is vulnerable when using LDAP-based authentication in YCQL with Microsoft’s Active Directory
Summary
An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password.
Severity
8.3 (High)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.yugabyte.com/ | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| YugaByte, Inc. | Yugabyte DB |
Affected:
2.6.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:21.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.yugabyte.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"macos, darwin"
],
"product": "Yugabyte DB",
"vendor": "YugaByte, Inc.",
"versions": [
{
"status": "affected",
"version": "2.6.1.0"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The software is vulnerable when using LDAP-based authentication in YCQL with Microsoft\u2019s Active Directory"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft\u2019s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-12T18:01:37.000Z",
"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"shortName": "Yugabyte"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.yugabyte.com/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to non-vulnerable version 2.6.1.1+"
}
],
"source": {
"defect": [
"PLAT-4383"
],
"discovery": "EXTERNAL"
},
"title": "The software is vulnerable when using LDAP-based authentication in YCQL with Microsoft\u2019s Active Directory",
"workarounds": [
{
"lang": "en",
"value": "Disable LDAP for YCQL."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@yugabyte.com",
"ID": "CVE-2022-37397",
"STATE": "PUBLIC",
"TITLE": "The software is vulnerable when using LDAP-based authentication in YCQL with Microsoft\u2019s Active Directory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yugabyte DB",
"version": {
"version_data": [
{
"platform": "macos, darwin",
"version_name": "2.6.1.0",
"version_value": "2.6.1.0"
}
]
}
}
]
},
"vendor_name": "YugaByte, Inc."
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The software is vulnerable when using LDAP-based authentication in YCQL with Microsoft\u2019s Active Directory"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft\u2019s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-16 Configuration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.yugabyte.com/",
"refsource": "CONFIRM",
"url": "https://www.yugabyte.com/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to non-vulnerable version 2.6.1.1+"
}
],
"source": {
"defect": [
"PLAT-4383"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable LDAP for YCQL."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"assignerShortName": "Yugabyte",
"cveId": "CVE-2022-37397",
"datePublished": "2022-08-12T18:01:37.000Z",
"dateReserved": "2022-08-03T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:21.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3800 (GCVE-0-2019-3800)
Vulnerability from cvelistv5 – Published: 2019-08-05 16:38 – Updated: 2024-09-17 04:29
VLAI
Title
CF CLI writes the client id and secret to config file
Summary
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.
Severity
6.3 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.cloudfoundry.org/blog/cve-2019-3800 | x_refsource_CONFIRM |
| https://pivotal.io/security/cve-2019-3800 | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cloud Foundry | CF CLI Release |
Affected:
v1.x before v1.16.0
|
|
| Cloud Foundry | CF CLI |
Affected:
versions prior to v6.45.0
|
Date Public
2019-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-3800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CF CLI Release",
"vendor": "Cloud Foundry",
"versions": [
{
"status": "affected",
"version": "v1.x before v1.16.0"
}
]
},
{
"product": "CF CLI",
"vendor": "Cloud Foundry",
"versions": [
{
"status": "affected",
"version": "versions prior to v6.45.0"
}
]
}
],
"datePublic": "2019-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-05T16:38:20.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-3800"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CF CLI writes the client id and secret to config file",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-07-18T00:00:00.000Z",
"ID": "CVE-2019-3800",
"STATE": "PUBLIC",
"TITLE": "CF CLI writes the client id and secret to config file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CF CLI Release",
"version": {
"version_data": [
{
"version_value": "v1.x before v1.16.0"
}
]
}
},
{
"product_name": "CF CLI",
"version": {
"version_data": [
{
"version_value": "versions prior to v6.45.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2019-3800",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
},
{
"name": "https://pivotal.io/security/cve-2019-3800",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3800"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3800",
"datePublished": "2019-08-05T16:38:20.424Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:29:08.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41435 (GCVE-0-2024-41435)
Vulnerability from nvd – Published: 2024-09-03 00:00 – Updated: 2024-09-03 20:15
VLAI
Summary
YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yugabyte | yugabytedb |
Affected:
2.21.1.0
cpe:2.3:a:yugabyte:yugabytedb:2.21.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:yugabyte:yugabytedb:2.21.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yugabytedb",
"vendor": "yugabyte",
"versions": [
{
"status": "affected",
"version": "2.21.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41435",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T20:13:37.543021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T20:15:08.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the \"insert into\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T19:10:16.203Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/yugabyte/yugabyte-db/issues/22967"
},
{
"url": "https://gist.github.com/ycybfhb/1427881e7db911786837d32b0669e06b"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41435",
"datePublished": "2024-09-03T00:00:00.000Z",
"dateReserved": "2024-07-18T00:00:00.000Z",
"dateUpdated": "2024-09-03T20:15:08.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6002 (GCVE-0-2023-6002)
Vulnerability from nvd – Published: 2023-11-07 23:56 – Updated: 2024-09-17 13:03
VLAI
Title
Log Injection
Summary
YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.yugabyte.com/ |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| YugabyteDB | YugabyteDB |
Affected:
2.0.0.0 , ≤ 2.14.13.0, 2.16.7.0, 2.18.3.0
(semver)
Unaffected: 2.14.14.0 Unaffected: 2.16.8.0 Unaffected: 2.18.4.0 |
Date Public
2023-11-07 23:03
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:25.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.yugabyte.com/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T13:19:18.227681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:03:18.141Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"Docker",
"Kubernetes",
"MacOS"
],
"product": "YugabyteDB",
"vendor": "YugabyteDB",
"versions": [
{
"lessThanOrEqual": "2.14.13.0, 2.16.7.0, 2.18.3.0",
"status": "affected",
"version": "2.0.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2.14.14.0"
},
{
"status": "unaffected",
"version": "2.16.8.0"
},
{
"status": "unaffected",
"version": "2.18.4.0"
}
]
}
],
"datePublic": "2023-11-07T23:03:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eYugabyteDB is vulnerable to cross site scripting (XSS) via log injection.\u0026nbsp;Writing invalidated user input to log files can allow an unprivileged\u0026nbsp;attacker to forge log entries or inject malicious content into the logs.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "YugabyteDB is vulnerable to cross site scripting (XSS) via log injection.\u00a0Writing invalidated user input to log files can allow an unprivileged\u00a0attacker to forge log entries or inject malicious content into the logs.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-93",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-93: Log Injection-Tampering-Forging"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117: Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T19:18:33.398Z",
"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"shortName": "Yugabyte"
},
"references": [
{
"url": "https://www.yugabyte.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Log Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"assignerShortName": "Yugabyte",
"cveId": "CVE-2023-6002",
"datePublished": "2023-11-07T23:56:50.729Z",
"dateReserved": "2023-11-07T22:20:00.534Z",
"dateUpdated": "2024-09-17T13:03:18.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6001 (GCVE-0-2023-6001)
Vulnerability from nvd – Published: 2023-11-07 23:25 – Updated: 2024-09-17 13:03
VLAI
Title
Prometheus Metrics Accessible Pre-Authentication
Summary
Prometheus metrics are available without
authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.yugabyte.com/ |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| YugabyteDB | YugabyteDB Anywhere |
Affected:
2.0.0.0 , ≤ 2.18.3.0
(semver)
Unaffected: 2.18.4.0 Unaffected: 2.20.0.0 |
Date Public
2023-11-07 23:03
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:25.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.yugabyte.com/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T13:20:00.460298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:03:52.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"Docker",
"Kubernetes"
],
"product": "YugabyteDB Anywhere",
"vendor": "YugabyteDB",
"versions": [
{
"lessThanOrEqual": "2.18.3.0",
"status": "affected",
"version": "2.0.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2.18.4.0"
},
{
"status": "unaffected",
"version": "2.20.0.0"
}
]
}
],
"datePublic": "2023-11-07T23:03:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prometheus metrics are available without\nauthentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment."
}
],
"value": "Prometheus metrics are available without\nauthentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T19:19:02.713Z",
"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"shortName": "Yugabyte"
},
"references": [
{
"url": "https://www.yugabyte.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Prometheus Metrics Accessible Pre-Authentication",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"assignerShortName": "Yugabyte",
"cveId": "CVE-2023-6001",
"datePublished": "2023-11-07T23:25:16.135Z",
"dateReserved": "2023-11-07T22:19:55.387Z",
"dateUpdated": "2024-09-17T13:03:52.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4640 (GCVE-0-2023-4640)
Vulnerability from nvd – Published: 2023-08-30 16:42 – Updated: 2024-10-01 18:31
VLAI
Title
Set Logging Level Without Authentication
Summary
The controller responsible for setting the logging level does not include any authorization
checks to ensure the user is authenticated. This can be seen by noting that it extends
Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.3
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.yugabyte.com/ |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| YugabyteDB | Anywhere |
Affected:
2.0.0 , ≤ 2.17.3
(2.17.3.0)
|
Date Public
2023-08-30 16:42
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.yugabyte.com/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T18:31:41.822513Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T18:31:56.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Anywhere",
"repo": "https://github.com/yugabyte/yugabyte-db",
"vendor": "YugabyteDB",
"versions": [
{
"lessThanOrEqual": "2.17.3",
"status": "affected",
"version": "2.0.0",
"versionType": "2.17.3.0"
}
]
}
],
"datePublic": "2023-08-30T16:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThe controller responsible for setting the logging level does not include any authorization\nchecks to ensure the user is authenticated. This can be seen by noting that it extends\n\u003c/span\u003e\u003cspan style=\"background-color: rgb(246, 246, 246);\"\u003eController \u003c/span\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003erather than \u003c/span\u003e\u003cspan style=\"background-color: rgb(246, 246, 246);\"\u003eAuthenticatedController \u003c/span\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eand includes no further checks.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThis issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.3\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The controller responsible for setting the logging level does not include any authorization\nchecks to ensure the user is authenticated. This can be seen by noting that it extends\nController rather than AuthenticatedController and includes no further checks.\u00a0This issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.3\n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-30T16:42:45.242Z",
"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"shortName": "Yugabyte"
},
"references": [
{
"url": "https://www.yugabyte.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Set Logging Level Without Authentication",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"assignerShortName": "Yugabyte",
"cveId": "CVE-2023-4640",
"datePublished": "2023-08-30T16:42:45.242Z",
"dateReserved": "2023-08-30T16:41:56.711Z",
"dateUpdated": "2024-10-01T18:31:56.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0745 (GCVE-0-2023-0745)
Vulnerability from nvd – Published: 2023-02-09 16:08 – Updated: 2025-03-24 18:33
VLAI
Title
Arbitrary File Write in High Availability Backup Upload
Summary
The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary
files through the backup upload endpoint by using path traversal characters.
This vulnerability is associated with program files PlatformReplicationManager.Java.
This issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.yugabyte.com/ | issue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| YugabyteDB | YugabyteDB Anywhere |
Affected:
2.0 , ≤ 2.13
(2.0 to 2.13)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.yugabyte.com/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T17:33:21.113674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T18:33:37.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"Docker",
"Kubernetes"
],
"product": "YugabyteDB Anywhere",
"vendor": "YugabyteDB",
"versions": [
{
"lessThanOrEqual": "2.13",
"status": "affected",
"version": "2.0",
"versionType": "2.0 to 2.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\u003cdiv\u003e\n\t\t\t\u003cdiv\u003e\n\t\t\t\t\u003cdiv\u003e\n\t\t\t\t\t\u003cp\u003eThe High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary\nfiles through the backup upload endpoint by using path traversal characters.\n\u003c/p\u003e\n\t\t\t\t\u003c/div\u003e\n\t\t\t\u003c/div\u003e\n\t\t\u003c/div\u003e\n\t\n\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ePlatformReplicationManager.Java\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0\u003c/p\u003e"
}
],
"value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tThe High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary\nfiles through the backup upload endpoint by using path traversal characters.\n\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n This vulnerability is associated with program files PlatformReplicationManager.Java.\n\nThis issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-10T22:31:06.154Z",
"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"shortName": "Yugabyte"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://www.yugabyte.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in version 2.14 onwards . "
}
],
"value": "Fixed in version 2.14 onwards . "
}
],
"source": {
"defect": [
"PLAT-3445"
],
"discovery": "INTERNAL"
},
"title": "Arbitrary File Write in High Availability Backup Upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"assignerShortName": "Yugabyte",
"cveId": "CVE-2023-0745",
"datePublished": "2023-02-09T16:08:57.723Z",
"dateReserved": "2023-02-08T12:08:53.977Z",
"dateUpdated": "2025-03-24T18:33:37.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0575 (GCVE-0-2023-0575)
Vulnerability from nvd – Published: 2023-02-09 16:12 – Updated: 2025-03-24 18:34
VLAI
Title
Remote Code Execution
Summary
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py.
This issue affects Yugabyte DB: Lesser then 2.2.0.0
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.yugabyte.com/ |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| YugabyteDB | YugabyteDB |
Affected:
2.0 , < 2.15
(2.0 to 2.14)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:49.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.yugabyte.com/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0575",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T17:33:06.055344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T18:34:16.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"DevopsBase.java:execCommand",
"TableManager.java:runCommand"
],
"platforms": [
"Linux",
"Docker",
"Kubernetes",
"MacOS"
],
"product": "YugabyteDB",
"vendor": "YugabyteDB",
"versions": [
{
"lessThan": "2.15",
"status": "affected",
"version": "2.0",
"versionType": "2.0 to 2.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "External Control of Critical State Data, Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ebackup.Py\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects Yugabyte DB: Lesser then 2.2.0.0\u003c/p\u003e"
}
],
"value": "External Control of Critical State Data, Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py.\n\nThis issue affects Yugabyte DB: Lesser then 2.2.0.0\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 API Manipulation"
}
]
},
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-642",
"description": "CWE-642: External Control of Critical State Data",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-10T22:22:52.652Z",
"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"shortName": "Yugabyte"
},
"references": [
{
"url": "https://www.yugabyte.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use Yugabyte version\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cb\u003e2.3.3.0-b106\u0026nbsp;\u003c/b\u003eor higher.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Use Yugabyte version\u00a02.3.3.0-b106\u00a0or higher.\n\n"
}
],
"source": {
"defect": [
"PLAT-3444"
],
"discovery": "INTERNAL"
},
"title": "Remote Code Execution",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn \u003c/span\u003e\u003ccode\u003eyugaware/config/configs\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e folder there is a file \u003c/span\u003e\u003ccode\u003eacceptableKeys.yaml\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e which contains a list of acceptable keys for different types of providers. Edit it and restart the Yugaware process to reload the list.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In yugaware/config/configs folder there is a file acceptableKeys.yaml which contains a list of acceptable keys for different types of providers. Edit it and restart the Yugaware process to reload the list.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"assignerShortName": "Yugabyte",
"cveId": "CVE-2023-0575",
"datePublished": "2023-02-09T16:12:46.327Z",
"dateReserved": "2023-01-30T08:16:20.523Z",
"dateUpdated": "2025-03-24T18:34:16.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0574 (GCVE-0-2023-0574)
Vulnerability from nvd – Published: 2023-02-09 14:55 – Updated: 2025-03-24 18:33
VLAI
Title
Server-Side Request Forgery
Summary
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.yugabyte.com/ |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| YugabyteDB | YugabyteDB Anywhere |
Affected:
2.0.0.0 , ≤ 2.13.0.0
(2.0 to 2.13)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:49.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.yugabyte.com/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T17:34:08.279514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T18:33:02.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"UniverseCRUDHandler.java"
],
"platforms": [
"Linux",
"Docker",
"Kubernetes"
],
"product": "YugabyteDB Anywhere",
"vendor": "YugabyteDB",
"versions": [
{
"lessThanOrEqual": "2.13.0.0",
"status": "affected",
"version": "2.0.0.0",
"versionType": "2.0 to 2.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.\u003cp\u003eThis issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
},
{
"capecId": "CAPEC-216",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-216 Communication Channel Manipulation"
}
]
},
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-10T22:20:52.094Z",
"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"shortName": "Yugabyte"
},
"references": [
{
"url": "https://www.yugabyte.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in version 2.14 onwards .\u0026nbsp;"
}
],
"value": "Fixed in version 2.14 onwards .\u00a0"
}
],
"source": {
"defect": [
"PLAT-3195"
],
"discovery": "INTERNAL"
},
"title": "Server-Side Request Forgery",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"assignerShortName": "Yugabyte",
"cveId": "CVE-2023-0574",
"datePublished": "2023-02-09T14:55:29.165Z",
"dateReserved": "2023-01-30T08:15:55.659Z",
"dateUpdated": "2025-03-24T18:33:02.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37397 (GCVE-0-2022-37397)
Vulnerability from nvd – Published: 2022-08-12 18:01 – Updated: 2024-08-03 10:29
VLAI
Title
The software is vulnerable when using LDAP-based authentication in YCQL with Microsoft’s Active Directory
Summary
An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password.
Severity
8.3 (High)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.yugabyte.com/ | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| YugaByte, Inc. | Yugabyte DB |
Affected:
2.6.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:21.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.yugabyte.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"macos, darwin"
],
"product": "Yugabyte DB",
"vendor": "YugaByte, Inc.",
"versions": [
{
"status": "affected",
"version": "2.6.1.0"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The software is vulnerable when using LDAP-based authentication in YCQL with Microsoft\u2019s Active Directory"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft\u2019s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-12T18:01:37.000Z",
"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"shortName": "Yugabyte"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.yugabyte.com/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to non-vulnerable version 2.6.1.1+"
}
],
"source": {
"defect": [
"PLAT-4383"
],
"discovery": "EXTERNAL"
},
"title": "The software is vulnerable when using LDAP-based authentication in YCQL with Microsoft\u2019s Active Directory",
"workarounds": [
{
"lang": "en",
"value": "Disable LDAP for YCQL."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@yugabyte.com",
"ID": "CVE-2022-37397",
"STATE": "PUBLIC",
"TITLE": "The software is vulnerable when using LDAP-based authentication in YCQL with Microsoft\u2019s Active Directory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yugabyte DB",
"version": {
"version_data": [
{
"platform": "macos, darwin",
"version_name": "2.6.1.0",
"version_value": "2.6.1.0"
}
]
}
}
]
},
"vendor_name": "YugaByte, Inc."
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The software is vulnerable when using LDAP-based authentication in YCQL with Microsoft\u2019s Active Directory"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft\u2019s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-16 Configuration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.yugabyte.com/",
"refsource": "CONFIRM",
"url": "https://www.yugabyte.com/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to non-vulnerable version 2.6.1.1+"
}
],
"source": {
"defect": [
"PLAT-4383"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable LDAP for YCQL."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
"assignerShortName": "Yugabyte",
"cveId": "CVE-2022-37397",
"datePublished": "2022-08-12T18:01:37.000Z",
"dateReserved": "2022-08-03T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:21.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3800 (GCVE-0-2019-3800)
Vulnerability from nvd – Published: 2019-08-05 16:38 – Updated: 2024-09-17 04:29
VLAI
Title
CF CLI writes the client id and secret to config file
Summary
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.
Severity
6.3 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.cloudfoundry.org/blog/cve-2019-3800 | x_refsource_CONFIRM |
| https://pivotal.io/security/cve-2019-3800 | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cloud Foundry | CF CLI Release |
Affected:
v1.x before v1.16.0
|
|
| Cloud Foundry | CF CLI |
Affected:
versions prior to v6.45.0
|
Date Public
2019-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-3800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CF CLI Release",
"vendor": "Cloud Foundry",
"versions": [
{
"status": "affected",
"version": "v1.x before v1.16.0"
}
]
},
{
"product": "CF CLI",
"vendor": "Cloud Foundry",
"versions": [
{
"status": "affected",
"version": "versions prior to v6.45.0"
}
]
}
],
"datePublic": "2019-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-05T16:38:20.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-3800"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CF CLI writes the client id and secret to config file",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-07-18T00:00:00.000Z",
"ID": "CVE-2019-3800",
"STATE": "PUBLIC",
"TITLE": "CF CLI writes the client id and secret to config file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CF CLI Release",
"version": {
"version_data": [
{
"version_value": "v1.x before v1.16.0"
}
]
}
},
{
"product_name": "CF CLI",
"version": {
"version_data": [
{
"version_value": "versions prior to v6.45.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2019-3800",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
},
{
"name": "https://pivotal.io/security/cve-2019-3800",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3800"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3800",
"datePublished": "2019-08-05T16:38:20.424Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:29:08.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}