TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as root and normal user at the same time.
References
Link | Resource |
---|---|
https://github.com/pingcap/tidb/releases/tag/v5.3.1 | Release Notes Third Party Advisory |
https://github.com/pingcap/tidb/security/advisories/GHSA-4whx-7p29-mq22 | Mitigation Third Party Advisory |
https://github.com/pingcap/tidb/releases/tag/v5.3.1 | Release Notes Third Party Advisory |
https://github.com/pingcap/tidb/security/advisories/GHSA-4whx-7p29-mq22 | Mitigation Third Party Advisory |
Configurations
History
21 Nov 2024, 07:03
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/pingcap/tidb/releases/tag/v5.3.1 - Release Notes, Third Party Advisory | |
References | () https://github.com/pingcap/tidb/security/advisories/GHSA-4whx-7p29-mq22 - Mitigation, Third Party Advisory |
Information
Published : 2022-05-31 20:15
Updated : 2024-11-21 07:03
NVD link : CVE-2022-31011
Mitre link : CVE-2022-31011
CVE.ORG link : CVE-2022-31011
JSON object : View
Products Affected
pingcap
- tidb
CWE
CWE-287
Improper Authentication