Products
Yugabyte Platform
Source
security@yugabyte.com
Tags
CVE-2024-0006 details
Published : July 19, 2024, 3:15 p.m.
Last Modified : July 19, 2024, 3:15 p.m.
Last Modified : July 19, 2024, 3:15 p.m.
Description
Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-532 | Insertion of Sensitive Information into Log File | Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. |
References
| URL | Source |
|---|---|
| https://github.com/yugabyte/yugabyte-db/commit/439c6286f1971f9ac6bff2c7215b454c2025c593 | security@yugabyte.com |
| https://github.com/yugabyte/yugabyte-db/commit/5cc7f4e15d6ccccbf97c57946fd0aa630f88c9e2 | security@yugabyte.com |
| https://github.com/yugabyte/yugabyte-db/commit/d96e6b629f34d065b47204daeeb44064e484c579 | security@yugabyte.com |
This website uses the NVD API, but is not approved or certified by it.