CVE-2024-6908

July 19, 2024, 3:15 p.m.

None
No Score

Description

Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data.

Product(s) Impacted

Product Versions
Yugabyte Platform
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

https://github.com/yugabyte/yugabyte-db/commit/03b193de40b79329439bb9968a7d27a1cc57d662
https://github.com/yugabyte/yugabyte-db/commit/68f01680c565be2a370cfb7734a1b3721d6778bb

Tags

CWE-269
2024-07-19
security@yugabyte.com
CVE-2024-6908

Timeline

Published: July 19, 2024, 3:15 p.m.
Last Modified: July 19, 2024, 3:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@yugabyte.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.