17 matches found
EUVD-2024-33682
Malicious code in bioql PyPI...
EUVD-2023-12763
Malicious code in bioql PyPI...
CVE-2025-8866
YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to obtain server networking configuration details, including private and public IP addresses and DNS records...
PT-2025-32557 · Yugabyte · Yugabytedb Anywhere
Name of the Vulnerable Software and Affected Versions: YugabyteDB Anywhere affected versions not specified Description: The YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to...
CVE-2024-11193
An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access...
CVE-2023-0745
The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from...
CVE-2024-11193
An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access...
CVE-2024-11193
The CVE-2024-11193 issue concerns Yugabyte Anywhere where the LDAP bind password is logged in plaintext in application logs, exposing sensitive credentials to anyone with log access. Affected Yugabyte Anywhere versions are 2.20.0.0–2.20.6.0, 2.23.0.0, and 2024.1.0.0–2024.1.2.0. Root cause: creden...
CVE-2024-11193
An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access...
CVE-2024-11193
An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access...
CVE-2024-11193
An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access...
PT-2024-16810 · Yugabyte · Yugabytedb Anywhere
Name of the Vulnerable Software and Affected Versions: YugabyteDB Anywhere versions 2.20.0.0 through 2.20.6.0 YugabyteDB Anywhere versions 2.23.0.0 through 2.23.0.0 YugabyteDB Anywhere versions 2024.1.0.0 through 2024.1.2.0 Description: An information disclosure issue exists in Yugabyte Anywhere,...
CVE-2023-0745
The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from...
Path traversal
The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from...
CVE-2023-0745 Arbitrary File Write in High Availability Backup Upload
The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from...
CVE-2023-0745 Arbitrary File Write in High Availability Backup Upload
The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from...
CVE-2023-0745
CVE-2023-0745 affects YugabyteDB Anywhere (versions 2.0.0.0–2.13.0.0). The issue is in the backup upload endpoint via path traversal in the PlatformReplicationManager.Java program, allowing arbitrary file writes and impacting confidentiality, integrity, and availability. The connected sources con...