36 matches found
CVE-2024-24565 CrateDB database has an arbitrary file read vulnerability
CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY...
CVE-2024-24565 CrateDB database has an arbitrary file read vulnerability
CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY...
CVE-2024-24565
Summary: CVE-2024-24565 affects CrateDB. An issue in the COPY FROM function lets authenticated users import arbitrary file content into database tables, causing information leakage. What’s affected: CrateDB (all current versions prior to the patch channels) with COPY FROM functionality that reads...
CrateDB authentication bypass vulnerability
CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...
GHSA-7MGX-GVJW-M3W3 CrateDB authentication bypass vulnerability
CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...
CVE-2023-51982
CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...
Authentication flaw
CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...
PYSEC-2024-27
CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...
PT-2024-40900 · Crateio · Cratedb
Name of the Vulnerable Software and Affected Versions: CrateDB version 5.5.1 Description: The issue concerns an authentication bypass in the Admin UI component. It can be exploited by setting the X-Real-IP request header to a specific value, allowing access to the Admin UI using the default user...
CrateDB Path Traversal Vulnerability
CrateDB is a distributed and scalable SQL database from CrateDB, Inc. A path traversal vulnerability exists in CrateDB versions prior to 5.3.9, 5.4.8, 5.5.4, and 5.6.1, which stems from a flaw in the COPY FROM function that can be exploited to import the contents of an arbitrary file into a...
PT-2024-20456 · Cratedb · Cratedb
Name of the Vulnerable Software and Affected Versions: CrateDB versions prior to 5.3.9 CrateDB versions prior to 5.4.8 CrateDB versions prior to 5.5.4 CrateDB versions prior to 5.6.1 Description: The CrateDB database has a flaw in its COPY FROM function, which allows authenticated attackers to...
CVE-2023-51982
CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...
CrateDB Security Vulnerability
CrateDB is a distributed and scalable SQL database from CrateDB, Inc. A security vulnerability exists in CrateDB version 5.5.1, which stems from an authentication bypass vulnerability contained in the Admin UI component, which can be bypassed by setting the X-Real IP request header to a specific...
CVE-2023-51982
CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...
CVE-2023-51982
CrateDB 5.5.1 exposes an authentication bypass in the Admin UI. When password authentication is configured, an X-Real-IP header can bypass identity checks, allowing direct Admin UI access with the default user identity. Reported as CVE-2023-51982 with a CRITICAL CVSS v3.1 score (9.8). Affected: A...
CVE-2023-51982
CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...