Known Vulnerabilities for Yugabytedb by Yugabyte
Listed below are 5 of the newest known vulnerabilities associated with "Yugabytedb" by "Yugabyte".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-6002 json | YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can al... | 6.1 - MEDIUM | 2023-11-08 | 2023-11-15 |
| CVE-2023-6001 json | Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB... | 7.5 - HIGH | 2023-11-08 | 2023-11-16 |
| CVE-2023-4640 json | The controller responsible for setting the logging level does not include any authorization checks to ensure the user is auth... | 7.5 - HIGH | 2023-08-30 | 2023-09-05 |
| CVE-2023-0575 json | External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte,... | 9.8 - CRITICAL | 2023-02-09 | 2023-11-10 |
| CVE-2022-37397 json | An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Direct... | 9.8 - CRITICAL | 2022-08-12 | 2022-08-16 |