CVE-2024-6908
July 19, 2024, 3:15 p.m.
Tags
Product(s) Impacted
Yugabyte Platform
Description
Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data.
Weaknesses
CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE ID: 269Date
Published: July 19, 2024, 3:15 p.m.
Last Modified: July 19, 2024, 3:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
security@yugabyte.com