31 matches found
CVE-2026-1966
A flaw was found in YugabyteDB Anywhere. This vulnerability allows an authenticated user with access to the configuration view to obtain Lightweight Directory Access Protocol LDAP bind passwords. These passwords are displayed in cleartext within the web user interface UI when configured via gflag...
CVE-2026-1966 YugabyteDB Anywhere Exposes LDAP Credentials in Cleartext in Web UI
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...
EUVD-2026-5553
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...
YugabyteDB Anywhere 安全漏洞
YugabyteDB Anywhere is a database offered by the American company YugabyteDB. There is a security vulnerability in YugabyteDB Anywhere, which stems from the web interface displaying LDAP binding passwords in plain text. This vulnerability may allow authenticated users to obtain credentials, leadi...
PT-2026-6551
Name of the Vulnerable Software and Affected Versions YugabyteDB Anywhere affected versions not specified Description YugabyteDB Anywhere reveals LDAP bind passwords in plain text within its web user interface. An authenticated user who can access the configuration view may be able to obtain thes...
EUVD-2023-54492
Malicious code in bioql PyPI...
EUVD-2023-58268
Malicious code in bioql PyPI...
EUVD-2024-33678
Malicious code in bioql PyPI...
CVE-2025-8866
Summary: CVE-2025-8866 affects the YugabyteDB Anywhere web server, where the /metamaster/universe API endpoint does not properly enforce authentication. What’s affected: YugabyteDB Anywhere web server (specific versions not enumerated in provided documents). Root cause (as described): Authenticat...
CVE-2023-0745
The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from...
CVE-2024-11165
An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the ybbackup log files, exposing the SAS token in plaintext. The leakage occurs during...
CVE-2024-11165
An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the ybbackup log files, exposing the SAS token in plaintext. The leakage occurs during...
CVE-2024-11165
An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the ybbackup log files, exposing the SAS token in plaintext. The leakage occurs during...
CVE-2024-11165
CVE-2024-11165 describes an information disclosure in the backup configuration flow where the SAS token is not masked in the response, causing plaintext leakage in the yb_backup logs. Affected: YugabyteDB Anywhere versions 2.20.0.0–2.20.6.0, 2.23.0.0–2.23.0.0, and 2024.1.0.0–2024.1.2.0 (per PT-20...
CVE-2024-11165
An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the ybbackup log files, exposing the SAS token in plaintext. The leakage occurs during...
PT-2024-16795 · Yugabyte · Yugabytedb
Name of the Vulnerable Software and Affected Versions: YugabyteDB Anywhere versions 2.20.0.0 through 2.20.6.0 YugabyteDB Anywhere versions 2.23.0.0 through 2.23.0.0 YugabyteDB Anywhere versions 2024.1.0.0 through 2024.1.2.0 YugabyteDB versions prior to D37715 Description: An information disclosur...
CVE-2023-6001
Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment...
CVE-2023-6001 Prometheus Metrics Accessible Pre-Authentication
Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment...
CVE-2023-6001 Prometheus Metrics Accessible Pre-Authentication
Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment...
CVE-2023-6001
Prometheus metrics are accessible without authentication in YugabyteDB Anywhere (CVE-2023-6001). Affected component is Prometheus metrics exposure within YugabyteDB Anywhere, leading to potential exposure of sensitive environment information. Documented impact includes high confidentiality impact...