4 matches found
Vitess users with backup storage access can write to arbitrary file paths on restore
...
Vitess users with backup storage access can gain unauthorized access to production deployment environments
...
CVE-2026-27969 Vitess users with backup storage access can write to arbitrary file paths on restore
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also...
CVE-2026-27965 Vitess users with backup storage access can gain unauthorized access to production deployment environments
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...