Information disclosure in Yugabytedb Anywhere

CVE-2024-0006

Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access.

EPSS: 0.003 (17.9th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-0006?
CVE-2024-0006 is a vulnerability in Yugabytedb Anywhere, classified under Insertion of Sensitive Information into Log File. Published 2024-07-19.
Is CVE-2024-0006 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.