{"api_version":"1","generated_at":"2026-04-23T08:15:18+00:00","cve":"CVE-2023-6002","urls":{"html":"https://cve.report/CVE-2023-6002","api":"https://cve.report/api/cve/CVE-2023-6002.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-6002","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-6002"},"summary":{"title":"CVE-2023-6002","description":"YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing unvalidated user input to log files can allow an attacker to forge log entries or inject malicious content into the logs.","state":"PUBLIC","assigner":"security@yugabyte.com","published_at":"2023-11-08 00:15:00","updated_at":"2023-11-15 15:16:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://www.yugabyte.com/","name":"https://www.yugabyte.com/","refsource":"","tags":[],"title":"YugabyteDB—The Distributed SQL Database for Mission-Critical Applications","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-6002","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6002","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"6002","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"yugabyte","cpe5":"yugabytedb","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-6002","ASSIGNER":"security@yugabyte.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"YugabyteDB is vulnerable to cross site scripting (XSS) 
via log injection. Writing unvalidated user input to log files can allow an attacker to forge log entries or inject malicious content into the logs.\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-117: Improper Output Neutralization for Logs","cweId":"CWE-117"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"YugabyteDB","product":{"product_data":[{"product_name":"YugabyteDB","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"lessThanOrEqual":"2.14.13.0, 2.16.7.0, 2.18.3.0","status":"affected","version":"2.0.0.0","versionType":"semver"},{"status":"unaffected","version":"2.14.14.0"},{"status":"unaffected","version":"2.16.8.0"},{"status":"unaffected","version":"2.18.4.0"}],"defaultStatus":"unaffected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.yugabyte.com/","refsource":"MISC","name":"https://www.yugabyte.com/"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2023-11-08 00:15:00","lastModifiedDate":"2023-11-15 
15:16:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:yugabyte:yugabytedb:*:*:*:*:*:*:*:*","versionStartIncluding":"2.18.0.0","versionEndExcluding":"2.18.4.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:yugabyte:yugabytedb:*:*:*:*:*:*:*:*","versionStartIncluding":"2.16.0.0","versionEndExcluding":"2.16.8.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:yugabyte:yugabytedb:*:*:*:*:*:*:*:*","versionStartIncluding":"2.14.0.0","versionEndExcluding":"2.14.14.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}