Yugabytedb Yugabytedb Anywhere

8 CVEs affecting Yugabytedb Yugabytedb Anywhere. Latest disclosed: 2024-11-13. Critical: 0, High: 0.

Top CVEs affecting Yugabytedb Yugabytedb Anywhere
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2023-0574 | Medium | 6.8 | 2023-02-09 | Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentic… |
| CVE-2023-0745 | Medium | 6.7 | 2023-02-09 | The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoin… |
| CVE-2024-11193 | Medium | 6.5 | 2024-11-13 | An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw res… |
| CVE-2023-6001 | Medium | 5.3 | 2023-11-08 | Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment. |
| CVE-2024-11165 | | | 2024-11-13 | An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversi… |
| CVE-2024-6908 | | | 2024-07-19 | Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potent… |
| CVE-2024-6895 | | | 2024-07-19 | Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical s… |
| CVE-2024-0006 | | | 2024-07-19 | Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in l… |