Information disclosure in YugabyteDB Anywhere
CVE-2024-0006
Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access.
EPSS: 0.003 (17.9th percentile)
Affected products
- YugabyteDB Anywhere — versions 2.18.0.0, 2.20.0.0, 2024.0.0.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- security@yugabyte.com (patch)
Frequently asked questions
- What is CVE-2024-0006?
- CVE-2024-0006 is a vulnerability in YugabyteDB Anywhere, classified under Insertion of Sensitive Information into Log File. Published 2024-07-19.
- Is CVE-2024-0006 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.