Yugabytedb Yugabytedb Anywhere
8 CVEs affecting Yugabytedb Yugabytedb Anywhere. Latest disclosed: 2024-11-13. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-0574 | Medium | 6.8 | 2023-02-09 | Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentic… |
| CVE-2023-0745 | Medium | 6.7 | 2023-02-09 | The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoin… |
| CVE-2024-11193 | Medium | 6.5 | 2024-11-13 | An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw res… |
| CVE-2023-6001 | Medium | 5.3 | 2023-11-08 | Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment. |
| CVE-2024-11165 | | | 2024-11-13 | An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversi… |
| CVE-2024-6908 | | | 2024-07-19 | Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potent… |
| CVE-2024-6895 | | | 2024-07-19 | Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical s… |
| CVE-2024-0006 | | | 2024-07-19 | Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in l… |