CVE-2023-51982
CrateDB 5.5.1 exposes an authentication bypass in the Admin UI. When password authentication is configured, an X-Real-IP header can bypass identity checks, allowing direct Admin UI access with the default user identity. Reported as CVE-2023-51982 with a CRITICAL CVSS v3.1 score (9.8). Affected: A...