CVE-2023-6002

🗓️ 07 Nov 2023 23:56:50Reported by YugabyteType

YugabyteDB XSS vulnerability via log injection

Reporter	Title	Published	Views	Family All 6
CNNVD	YugabyteDB Cross-Site Scripting Vulnerability	7 Nov 202300:00	–	cnnvd
Cvelist	CVE-2023-6002 Log Injection	7 Nov 202323:56	–	cvelist
EUVD	EUVD-2023-58269	3 Oct 202520:07	–	euvd
NVD	CVE-2023-6002	8 Nov 202300:15	–	nvd
Prion	Cross site scripting	8 Nov 202300:15	–	prion
Vulnrichment	CVE-2023-6002 Log Injection	7 Nov 202323:56	–	vulnrichment

NVD

Node

yugabyte yugabytedbRange2.14.0.0–2.14.14.0

yugabyte yugabytedbRange2.16.0.0–2.16.8.0

yugabyte yugabytedbRange2.18.0.0–2.18.4.0

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux",
      "Docker",
      "Kubernetes",
      "MacOS"
    ],
    "product": "YugabyteDB",
    "vendor": "YugabyteDB",
    "versions": [
      {
        "lessThanOrEqual": "2.14.13.0, 2.16.7.0, 2.18.3.0",
        "status": "affected",
        "version": "2.0.0.0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "2.14.14.0"
      },
      {
        "status": "unaffected",
        "version": "2.16.8.0"
      },
      {
        "status": "unaffected",
        "version": "2.18.4.0"
      }
    ]
  }
]

Source	Link
yugabyte	www.yugabyte.com/

21 Nov 2024 08:42Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.16.1 - 6.5

EPSS0.00157

SSVC