3 matches found
CVE-2024-24565
Summary: CVE-2024-24565 affects CrateDB. An issue in the COPY FROM function lets authenticated users import arbitrary file content into database tables, causing information leakage. What’s affected: CrateDB (all current versions prior to the patch channels) with COPY FROM functionality that reads...
CVE-2024-37309
CVE-2024-37309 affects CrateDB
CVE-2023-51982
CrateDB 5.5.1 exposes an authentication bypass in the Admin UI. When password authentication is configured, an X-Real-IP header can bypass identity checks, allowing direct Admin UI access with the default user identity. Reported as CVE-2023-51982 with a CRITICAL CVSS v3.1 score (9.8). Affected: A...