CVE-2023-0745
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary
files through the backup upload endpoint by using path traversal characters.
This vulnerability is associated with program files PlatformReplicationManager.Java.
This issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| YugabyteDB | YugabyteDB Anywhere | 2.0 <= 2.13 | affected |
Weaknesses
- CWE-23: CWE-23: Relative Path Traversal
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.