12 matches found
SUSE CVE-2026-27965
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...
CVE-2026-27965
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...
EUVD-2026-8818
Vitess users with backup storage access can gain unauthorized access to production deployment environments...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via manipulation of backup manifest files. An attacker can execute arbitrary commands in the production deployment environment by restoring a crafted backup. Workaround This vulnerability can be mitigated by specifying...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via manipulation of backup manifest files. An attacker can execute arbitrary commands in the production deployment environment by restoring a crafted backup. Workaround This vulnerability can be mitigated by specifying...
CVE-2026-27965
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...
AZL-78356 CVE-2026-27965 affecting package vitess 19.0.4-7
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...
AZL-78593 CVE-2026-27965 affecting package vitess 17.0.7-14
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...
CVE-2026-27965 Vitess users with backup storage access can gain unauthorized access to production deployment environments
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...
CVE-2026-27965
Vitess CVE-2026-27965 affects versions older than 23.0.3 and 22.0.4, where read/write access to backup storage (e.g., S3) lets an attacker modify backup manifest files and cause arbitrary code to run when the backup is restored, potentially gaining unauthorized access to production. A patch exist...
CVE-2026-27965 Vitess users with backup storage access can gain unauthorized access to production deployment environments
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...
PT-2026-22106
Name of the Vulnerable Software and Affected Versions Vitess versions prior to 23.0.3 Vitess versions prior to 22.0.4 Description Vitess is a database clustering system for horizontal scaling of MySQL. A flaw exists where someone with read/write access to the backup storage location can manipulat...