Lucene search
K

4 matches found

NVD
NVD
added 2023/08/30 5:15 p.m.21 views

CVE-2023-4640

The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere:...

7.5CVSS6.7AI score0.00329EPSS
Exploits0References1
CVE
CVE
added 2023/08/30 4:42 p.m.34 views

CVE-2023-4640

The CVE-2023-4640 entry concerns YugabyteDB Anywhere, affected in versions 2.0.0 through 2.17.3, where the logging level controller lacks authentication checks. Root cause: the controller extends Controller with no auth checks, enabling potential unauthorized changes to logging settings. Impact: ...

7.5CVSS6.9AI score0.00329EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/08/30 4:42 p.m.23 views

CVE-2023-4640 Set Logging Level Without Authentication

The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere:...

6.5CVSS7.7AI score0.00329EPSS
Exploits0References1
OSV
OSV
added 2023/08/30 4:42 p.m.18 views

CVE-2023-4640 Set Logging Level Without Authentication

The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere:...

6.5CVSS5.9AI score0.00329EPSS
Exploits0References4
Rows per page
Query Builder