CVE-2024-0006

Summary

Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access.

Affected Software

VendorProductVersion RangeStatus
YugabyteDBYugabyteDB Anywhere2.18.0.0 < 2.18.9.0affected
YugabyteDBYugabyteDB Anywhere2.20.0.0 < 2.20.2.3affected
YugabyteDBYugabyteDB Anywhere2024.0.0.0 < 2024.1.1.0affected

Weaknesses

  • CWE-532: CWE-532 Insertion of Sensitive Information into Log File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References