Known Vulnerabilities for products from Yugabyte
Listed below are 8 of the newest known vulnerabilities associated with the vendor "Yugabyte".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-6002 json | YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can al... | 6.1 - MEDIUM | 2023-11-08 | 2023-11-15 |
| CVE-2023-6001 json | Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB... | 7.5 - HIGH | 2023-11-08 | 2023-11-16 |
| CVE-2023-4640 json | The controller responsible for setting the logging level does not include any authorization checks to ensure the user is auth... | 7.5 - HIGH | 2023-08-30 | 2023-09-05 |
| CVE-2023-0745 json | Relative Path Traversal vulnerability in YugaByte, Inc. Yugabyte Managed (PlatformReplicationManager.Java modules) allows Pat... | 9.8 - CRITICAL | 2023-02-09 | 2023-11-10 |
| CVE-2023-0575 json | External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte,... | 9.8 - CRITICAL | 2023-02-09 | 2023-11-10 |
| CVE-2023-0574 json | Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper ... | 9.8 - CRITICAL | 2023-02-09 | 2023-11-10 |
| CVE-2022-37397 json | An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Direct... | 9.8 - CRITICAL | 2022-08-12 | 2022-08-16 |
| CVE-2019-3800 json | CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the use... | 7.8 - HIGH | 2019-08-05 | 2019-10-09 |
Known software with vulnerabilities from Yugabyte
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Yugabyte | Db Enterprise | - |