CVE-2024-6908 Admin Can Escalate Privileges to SuperAdmin Using Manual PUT Request

🗓️ 19 Jul 2024 14:57:00Reported by YugabyteType

Improper privilege management in Yugabyte Platform allows admin to escalate privilege

Reporter	Title	Published	Views	Family All 6
Circl	CVE-2024-6908	19 Jul 202417:52	–	circl
CVE	CVE-2024-6908	19 Jul 202414:57	–	cve
EUVD	EUVD-2024-47897	3 Oct 202520:07	–	euvd
NVD	CVE-2024-6908	19 Jul 202415:15	–	nvd
Positive Technologies	PT-2024-37949 · Yugabyte · Yugabyte Platform	19 Jul 202400:00	–	ptsecurity
Vulnrichment	CVE-2024-6908 Admin Can Escalate Privileges to SuperAdmin Using Manual PUT Request	19 Jul 202414:57	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux",
      "Docker",
      "Kubernetes"
    ],
    "product": "YugabyteDB Anywhere",
    "vendor": "YugabyteDB",
    "versions": [
      {
        "lessThanOrEqual": "2.14.17.0",
        "status": "affected",
        "version": "2.14.0.0",
        "versionType": "git"
      },
      {
        "lessThanOrEqual": "2.16.9.0",
        "status": "affected",
        "version": "2.16.0.0",
        "versionType": "git"
      },
      {
        "lessThan": "2.18.7.0",
        "status": "affected",
        "version": "2.18.0.0",
        "versionType": "git"
      },
      {
        "lessThan": "2.20.3.0",
        "status": "affected",
        "version": "2.20.0.0",
        "versionType": "git"
      }
    ]
  }
]

Source	Link
github	www.github.com/yugabyte/yugabyte-db/commit/68f01680c565be2a370cfb7734a1b3721d6778bb
github	www.github.com/yugabyte/yugabyte-db/commit/03b193de40b79329439bb9968a7d27a1cc57d662

19 Jul 2024 14:57Current

CVSS 46

EPSS0.00051

CWE-269