
31 matches found

RedhatCVE
added 2026/02/09 12:3 p.m. · 16 views

CVE-2026-1966

A flaw was found in YugabyteDB Anywhere. This vulnerability allows an authenticated user with access to the configuration view to obtain Lightweight Directory Access Protocol (LDAP) bind passwords. These passwords are displayed in cleartext within the web user interface (UI) when configured via gflag...

CVSS 6.5 · AI score 5.1 · EPSS 0.00163
Exploits: 0 · References: 4

Vulnrichment
added 2026/02/05 11:38 a.m. · 5 views

CVE-2026-1966 YugabyteDB Anywhere Exposes LDAP Credentials in Cleartext in Web UI

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...

CVSS 2.4 · AI score 5.4 · EPSS 0.00163
Exploits: 0 · References: 1

EUVD
added 2026/02/05 11:38 a.m. · 7 views

EUVD-2026-5553

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...

CVSS 2.4 · AI score 5.4 · EPSS 0.00163
Exploits: 0 · References: 1

CNNVD
added 2026/02/05 12:0 a.m. · 9 views

YugabyteDB Anywhere Security Vulnerability

YugabyteDB Anywhere is a database offered by the American company YugabyteDB. There is a security vulnerability in YugabyteDB Anywhere, which stems from the web interface displaying LDAP binding passwords in plain text. This vulnerability may allow authenticated users to obtain credentials, leadi...

CVSS 2.4 · AI score 5.8 · EPSS 0.00163
Exploits: 0 · References: 1

Positive Technologies
added 2026/02/05 12:0 a.m. · 6 views

PT-2026-6551

Name of the Vulnerable Software and Affected Versions: YugabyteDB Anywhere, affected versions not specified. Description: YugabyteDB Anywhere reveals LDAP bind passwords in plain text within its web user interface. An authenticated user who can access the configuration view may be able to obtain thes...

CVSS 2.4 · AI score 5.4 · EPSS 0.00163
Exploits: 0 · References: 6

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-54492

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.6 · EPSS 0.00329
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2023-58268

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.6 · EPSS 0.00577
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2024-33678

Malicious code in bioql PyPI...

CVSS 5.7 · AI score 6.6 · EPSS 0.00137
Exploits: 0 · References: 1

CVE
added 2025/08/11 4:25 p.m. · 27 views

CVE-2025-8866

Summary: CVE-2025-8866 affects the YugabyteDB Anywhere web server, where the /metamaster/universe API endpoint does not properly enforce authentication. What’s affected: YugabyteDB Anywhere web server (specific versions not enumerated in provided documents). Root cause (as described): Authenticat...

CVSS 5.1 · AI score 7.3 · EPSS 0.00272
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 4:40 a.m. · 7 views

CVE-2023-0745

The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from...

CVSS 9.8 · AI score 7.3 · EPSS 0.00514
Exploits: 0 · References: 1

NVD
added 2024/11/13 3:15 p.m. · 20 views

CVE-2024-11165

An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the ybbackup log files, exposing the SAS token in plaintext. The leakage occurs during...

CVSS 5.7 · EPSS 0.00137
Exploits: 0 · References: 1

OSV
added 2024/11/13 3:15 p.m. · 7 views

CVE-2024-11165

An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the ybbackup log files, exposing the SAS token in plaintext. The leakage occurs during...

CVSS 5.7 · AI score 6.2
Exploits: 0 · References: 1

Vulnrichment
added 2024/11/13 2:19 p.m. · 9 views

CVE-2024-11165

An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the ybbackup log files, exposing the SAS token in plaintext. The leakage occurs during...

CVSS 5.7 · AI score 6.3 · EPSS 0.00137
Exploits: 0 · References: 1

CVE
added 2024/11/13 2:19 p.m. · 40 views

CVE-2024-11165

CVE-2024-11165 describes an information disclosure in the backup configuration flow where the SAS token is not masked in the response, causing plaintext leakage in the yb_backup logs. Affected: YugabyteDB Anywhere versions 2.20.0.0–2.20.6.0, 2.23.0.0–2.23.0.0, and 2024.1.0.0–2024.1.2.0 (per PT-20...

CVSS 5.7 · AI score 6.5 · EPSS 0.00137
Exploits: 0 · References: 1

Cvelist
added 2024/11/13 2:19 p.m. · 15 views

CVE-2024-11165

An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the ybbackup log files, exposing the SAS token in plaintext. The leakage occurs during...

CVSS 5.7 · EPSS 0.00137
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/13 12:0 a.m. · 5 views

PT-2024-16795 · Yugabyte · Yugabytedb

Name of the Vulnerable Software and Affected Versions: YugabyteDB Anywhere versions 2.20.0.0 through 2.20.6.0; YugabyteDB Anywhere versions 2.23.0.0 through 2.23.0.0; YugabyteDB Anywhere versions 2024.1.0.0 through 2024.1.2.0; YugabyteDB versions prior to D37715. Description: An information disclosur...

CVSS 5.7 · AI score 6.7 · EPSS 0.00137
Exploits: 0 · References: 9

NVD
added 2023/11/08 12:15 a.m. · 12 views

CVE-2023-6001

Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment...

CVSS 7.5 · EPSS 0.00577
Exploits: 0 · References: 1

Cvelist
added 2023/11/07 11:25 p.m. · 22 views

CVE-2023-6001 Prometheus Metrics Accessible Pre-Authentication

Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment...

CVSS 5.3 · AI score 7.6 · EPSS 0.00577
Exploits: 0 · References: 1

Vulnrichment
added 2023/11/07 11:25 p.m. · 12 views

CVE-2023-6001 Prometheus Metrics Accessible Pre-Authentication

Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment...

CVSS 5.3 · AI score 6.5 · EPSS 0.00577
Exploits: 0 · References: 1

CVE
added 2023/11/07 11:25 p.m. · 55 views

CVE-2023-6001

Prometheus metrics are accessible without authentication in YugabyteDB Anywhere (CVE-2023-6001). Affected component is Prometheus metrics exposure within YugabyteDB Anywhere, leading to potential exposure of sensitive environment information. Documented impact includes high confidentiality impact...

CVSS 7.5 · AI score 6.2 · EPSS 0.00577
Exploits: 0 · References: 1 · Affected Software: 1