Lucene search
GoogleOSV:GO-2023-1717HistoryApr 12, 2023 - 8:20 p.m.
Improper handling of keyspaces in vitess.io/vitess
2023-04-1220:20:52
Google
osv.dev
8
improper handling
keyspace
vitess.io
software
error
4.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
3.6 Low
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
35.6%
Users can create a keyspace containing ‘/’. Future attempts to view keyspaces from some tools (including VTAdmin and “vtctldclient GetKeyspaces”) receive an error.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vitess.io/vitess | lt | 0.16.1 |
Related
osv
osv
vitess allows users to create keyspaces that can deny access to already existing keyspaces
2023-04-11 21:12:42
CVE-2023-29194
2023-04-14 19:15:09
prion
prion
Design/Logic Flaw
2023-04-14 19:15:00
cbl_mariner
cbl_mariner
CVE-2023-29194 affecting package vitess for versions less than 16.0.2-1
2023-06-02 21:37:28
github
github
cve
cve
CVE-2023-29194
2023-04-14 19:15:09
cvelist
cvelist
veracode
veracode
Improper Input Validation
2023-04-19 16:52:02
nvd
nvd
CVE-2023-29194
2023-04-14 19:15:09
4.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
3.6 Low
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
35.6%
Related for OSV:GO-2023-1717