4 matches found
CVE-2023-4640
The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere:...
CVE-2023-4640
The CVE-2023-4640 entry concerns YugabyteDB Anywhere, affected in versions 2.0.0 through 2.17.3, where the logging level controller lacks authentication checks. Root cause: the controller extends Controller with no auth checks, enabling potential unauthorized changes to logging settings. Impact: ...
CVE-2023-4640 Set Logging Level Without Authentication
The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere:...
CVE-2023-4640 Set Logging Level Without Authentication
The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere:...