Lucene search
+L

36 matches found

cvelist
cvelist
added 2024/01/30 4:46 p.m.60 views

CVE-2024-24565 CrateDB database has an arbitrary file read vulnerability

CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY...

5.7CVSS6.7AI score0.03084EPSS
Exploits1References2
osv
osv
added 2024/01/30 4:46 p.m.35 views

CVE-2024-24565 CrateDB database has an arbitrary file read vulnerability

CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY...

5.7CVSS6.5AI score0.03084EPSS
Exploits1References4
cve
cve
added 2024/01/30 4:46 p.m.64 views

CVE-2024-24565

Summary: CVE-2024-24565 affects CrateDB. An issue in the COPY FROM function lets authenticated users import arbitrary file content into database tables, causing information leakage. What’s affected: CrateDB (all current versions prior to the patch channels) with COPY FROM functionality that reads...

6.5CVSS6.4AI score0.03084EPSS
Exploits1References2Affected Software1
github
github
added 2024/01/30 3:30 a.m.21 views

CrateDB authentication bypass vulnerability

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...

9.8CVSS7.3AI score0.00731EPSS
Exploits1References9Affected Software1
osv
osv
added 2024/01/30 3:30 a.m.9 views

GHSA-7MGX-GVJW-M3W3 CrateDB authentication bypass vulnerability

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...

8.7CVSS9.7AI score0.00731EPSS
Exploits1References9
nvd
nvd
added 2024/01/30 1:15 a.m.15 views

CVE-2023-51982

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...

9.8CVSS9.7AI score0.00731EPSS
Exploits1References1
prion
prion
added 2024/01/30 1:15 a.m.10 views

Authentication flaw

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...

7.5CVSS7.5AI score0.00731EPSS
Exploits1References1Affected Software1
osv
osv
added 2024/01/30 1:15 a.m.3 views

PYSEC-2024-27

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...

9.8CVSS5.8AI score
Exploits0References1
ptsecurity
ptsecurity
added 2024/01/30 12:0 a.m.3 views

PT-2024-40900 · Crateio · Cratedb

Name of the Vulnerable Software and Affected Versions: CrateDB version 5.5.1 Description: The issue concerns an authentication bypass in the Admin UI component. It can be exploited by setting the X-Real-IP request header to a specific value, allowing access to the Admin UI using the default user...

9.8CVSS7.3AI score
Exploits0References2
cnnvd
cnnvd
added 2024/01/30 12:0 a.m.5 views

CrateDB Path Traversal Vulnerability

CrateDB is a distributed and scalable SQL database from CrateDB, Inc. A path traversal vulnerability exists in CrateDB versions prior to 5.3.9, 5.4.8, 5.5.4, and 5.6.1, which stems from a flaw in the COPY FROM function that can be exploited to import the contents of an arbitrary file into a...

6.5CVSS7.1AI score0.03084EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2024/01/30 12:0 a.m.5 views

PT-2024-20456 · Cratedb · Cratedb

Name of the Vulnerable Software and Affected Versions: CrateDB versions prior to 5.3.9 CrateDB versions prior to 5.4.8 CrateDB versions prior to 5.5.4 CrateDB versions prior to 5.6.1 Description: The CrateDB database has a flaw in its COPY FROM function, which allows authenticated attackers to...

6.5CVSS6.2AI score0.03084EPSS
Exploits1References13
vulnrichment
vulnrichment
added 2024/01/30 12:0 a.m.7 views

CVE-2023-51982

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...

7.5AI score0.00731EPSS
Exploits1References1
cnnvd
cnnvd
added 2024/01/30 12:0 a.m.6 views

CrateDB Security Vulnerability

CrateDB is a distributed and scalable SQL database from CrateDB, Inc. A security vulnerability exists in CrateDB version 5.5.1, which stems from an authentication bypass vulnerability contained in the Admin UI component, which can be bypassed by setting the X-Real IP request header to a specific...

9.8CVSS7.4AI score0.00731EPSS
Exploits1References2
osv
osv
added 2024/01/30 12:0 a.m.9 views

CVE-2023-51982

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...

9.8CVSS7.5AI score0.00731EPSS
Exploits1References3
cve
cve
added 2024/01/30 12:0 a.m.40 views

CVE-2023-51982

CrateDB 5.5.1 exposes an authentication bypass in the Admin UI. When password authentication is configured, an X-Real-IP header can bypass identity checks, allowing direct Admin UI access with the default user identity. Reported as CVE-2023-51982 with a CRITICAL CVSS v3.1 score (9.8). Affected: A...

9.8CVSS9.6AI score0.00731EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2024/01/30 12:0 a.m.19 views

CVE-2023-51982

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...

9.9AI score0.00731EPSS
Exploits1References1
Rows per page
Query Builder