CVE-2024-0006

Published: Jul 19, 2024

Modified: Aug 1, 2024

PUBLISHED

Description

Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access.

Vendor	Product	Versions
YugabyteDB	YugabyteDB Anywhere	affected `2.18.0.0 - < 2.18.9.0` affected `2.20.0.0 - < 2.20.2.3` affected `2024.0.0.0 - < 2024.1.1.0`

Weaknesses (CWE)

CWE-532

References

https://github.com/yugabyte/yugabyte-db/commit/439c6286f1971f9ac6bff2c7215b454c2025c593

patch

https://github.com/yugabyte/yugabyte-db/commit/d96e6b629f34d065b47204daeeb44064e484c579

patch

https://github.com/yugabyte/yugabyte-db/commit/5cc7f4e15d6ccccbf97c57946fd0aa630f88c9e2

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-0006

Description

Affected Products

Weaknesses (CWE)

References