CVE-2023-0575 (GCVE-0-2023-0575)
Vulnerability from cvelistv5
Published
2023-02-09 16:12
Modified
2025-03-24 18:34
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-642 - External Control of Critical State Data
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.0.0
References
Impacted products
Vendor Product Version
YugabyteDB YugabyteDB Version: 2.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:17:49.883Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.yugabyte.com/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0575",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-24T17:33:06.055344Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-24T18:34:16.202Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "DevopsBase.java:execCommand",
            "TableManager.java:runCommand"
          ],
          "platforms": [
            "Linux",
            "Docker",
            "Kubernetes",
            "MacOS"
          ],
          "product": "YugabyteDB",
          "vendor": "YugabyteDB",
          "versions": [
            {
              "lessThan": "2.15",
              "status": "affected",
              "version": "2.0",
              "versionType": "2.0 to 2.14"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "External Control of Critical State Data, Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ebackup.Py\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects Yugabyte DB: Lesser then 2.2.0.0\u003c/p\u003e"
            }
          ],
          "value": "External Control of Critical State Data, Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py.\n\nThis issue affects Yugabyte DB: Lesser then 2.2.0.0\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-113",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-113 API Manipulation"
            }
          ]
        },
        {
          "capecId": "CAPEC-122",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-122 Privilege Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-642",
              "description": "CWE-642: External Control of Critical State Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-10T22:22:52.652Z",
        "orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
        "shortName": "Yugabyte"
      },
      "references": [
        {
          "url": "https://www.yugabyte.com/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use Yugabyte version\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cb\u003e2.3.3.0-b106\u0026nbsp;\u003c/b\u003eor higher.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "Use Yugabyte version\u00a02.3.3.0-b106\u00a0or higher.\n\n"
        }
      ],
      "source": {
        "defect": [
          "PLAT-3444"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Remote Code Execution",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn \u003c/span\u003e\u003ccode\u003eyugaware/config/configs\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e folder there is a file \u003c/span\u003e\u003ccode\u003eacceptableKeys.yaml\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e which contains a list of acceptable keys for different types of providers. Edit it and restart the Yugaware process to reload the list.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "In yugaware/config/configs folder there is a file acceptableKeys.yaml which contains a list of acceptable keys for different types of providers. Edit it and restart the Yugaware process to reload the list.\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
    "assignerShortName": "Yugabyte",
    "cveId": "CVE-2023-0575",
    "datePublished": "2023-02-09T16:12:46.327Z",
    "dateReserved": "2023-01-30T08:16:20.523Z",
    "dateUpdated": "2025-03-24T18:34:16.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-0575\",\"sourceIdentifier\":\"security@yugabyte.com\",\"published\":\"2023-02-09T17:15:15.730\",\"lastModified\":\"2024-11-21T07:37:25.707\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"External Control of Critical State Data, Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py.\\n\\nThis issue affects Yugabyte DB: Lesser then 2.2.0.0\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@yugabyte.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@yugabyte.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"},{\"lang\":\"en\",\"value\":\"CWE-642\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yugabyte:yugabytedb:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.0.0\",\"matchCriteriaId\":\"496831DD-51F4-4846-AC1D-BAAF84B79328\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5415705-33E5-46D5-8E4D-9EBADC8C5705\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://www.yugabyte.com/\",\"source\":\"security@yugabyte.com\",\"tags\":[\"Product\"]},{\"url\":\"https://www.yugabyte.com/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.yugabyte.com/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T05:17:49.883Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-0575\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-24T17:33:06.055344Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-24T17:33:35.257Z\"}}], \"cna\": {\"title\": \"Remote Code Execution\", \"source\": {\"defect\": [\"PLAT-3444\"], \"discovery\": \"INTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-113\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-113 API Manipulation\"}]}, {\"capecId\": \"CAPEC-122\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-122 Privilege Abuse\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"YugabyteDB\", \"modules\": [\"DevopsBase.java:execCommand\", \"TableManager.java:runCommand\"], \"product\": \"YugabyteDB\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0\", \"lessThan\": \"2.15\", \"versionType\": \"2.0 to 2.14\"}], \"platforms\": [\"Linux\", \"Docker\", \"Kubernetes\", \"MacOS\"], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Use Yugabyte version\\u00a02.3.3.0-b106\\u00a0or higher.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Use Yugabyte version\u0026nbsp;\u003cspan style=\\\"background-color: var(--wht);\\\"\u003e\u003cb\u003e2.3.3.0-b106\u0026nbsp;\u003c/b\u003eor higher.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.yugabyte.com/\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"In yugaware/config/configs folder there is a file acceptableKeys.yaml which contains a list of acceptable keys for different types of providers. Edit it and restart the Yugaware process to reload the list.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eIn \u003c/span\u003e\u003ccode\u003eyugaware/config/configs\u003c/code\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e folder there is a file \u003c/span\u003e\u003ccode\u003eacceptableKeys.yaml\u003c/code\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e which contains a list of acceptable keys for different types of providers. Edit it and restart the Yugaware process to reload the list.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"External Control of Critical State Data, Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py.\\n\\nThis issue affects Yugabyte DB: Lesser then 2.2.0.0\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"External Control of Critical State Data, Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ebackup.Py\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects Yugabyte DB: Lesser then 2.2.0.0\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-642\", \"description\": \"CWE-642: External Control of Critical State Data\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"d4ae51d3-4db5-465e-bc8a-eb6768324078\", \"shortName\": \"Yugabyte\", \"dateUpdated\": \"2023-11-10T22:22:52.652Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-0575\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-24T18:34:16.202Z\", \"dateReserved\": \"2023-01-30T08:16:20.523Z\", \"assignerOrgId\": \"d4ae51d3-4db5-465e-bc8a-eb6768324078\", \"datePublished\": \"2023-02-09T16:12:46.327Z\", \"assignerShortName\": \"Yugabyte\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.