CVE-2024-11165

🗓️ 13 Nov 2024 14:19:51Reported by YugabyteType

Information disclosure vulnerability in backup configuration process, leaking SAS token in plaintext, leading to potential unauthorized acces

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2024-11165	13 Nov 202417:13	–	circl
CNNVD	YugabyteDB 日志信息泄露漏洞	13 Nov 202400:00	–	cnnvd
Cvelist	CVE-2024-11165	13 Nov 202414:19	–	cvelist
EUVD	EUVD-2024-33678	3 Oct 202520:07	–	euvd
NVD	CVE-2024-11165	13 Nov 202415:15	–	nvd
Positive Technologies	PT-2024-16795 · Yugabyte · Yugabytedb	13 Nov 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-11165	23 May 202507:52	–	redhatcve
Vulnrichment	CVE-2024-11165	13 Nov 202414:19	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux",
      "Docker",
      "Kubernetes"
    ],
    "product": "YugabyteDB Anywhere",
    "vendor": "YugabyteDB",
    "versions": [
      {
        "lessThan": "2.20.7.0",
        "status": "affected",
        "version": "2.20.0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "2.23.1.0",
        "status": "affected",
        "version": "2.23.0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "2024.1.3.0",
        "status": "affected",
        "version": "2024.1.0.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/yugabyte/yugabyte-db/commit/920989b6c0db0222bb7a0cce46febc76cf72d438

15 Apr 2026 00:35Current

6.5Medium risk

Vulners AI Score6.5

CVSS 45.7

EPSS0.00097

SSVC

CWE-532