QwikSec

Security Database

CVE

CWE

Training

CVE-2023-29194

Published: Apr 14, 2023

Modified: Feb 6, 2025

PUBLISHED

CVSS v3.1

4.1

MEDIUM

Description

Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. As a workaround, delete the offending keyspace using a CLI client (vtctldclient).

Vendor	Product	Versions
vitessio	vitess	affected `< 0.16.1`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

Low

References

https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f

x_refsource_CONFIRM

https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88

x_refsource_MISC

https://github.com/vitessio/vitess/commits/v0.16.1/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.