The controller responsible for setting the logging level does not include any authorization
checks to ensure the user is authenticated. This can be seen by noting that it extends
Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.3
References
Link | Resource |
---|---|
https://www.yugabyte.com/ | Product |
Configurations
History
05 Sep 2023, 15:22
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Yugabyte
Yugabyte yugabytedb |
|
CPE | cpe:2.3:a:yugabyte:yugabytedb:*:*:*:*:*:*:*:* | |
CWE | NVD-CWE-Other | |
References | (MISC) https://www.yugabyte.com/ - Product |
30 Aug 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-30 17:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-4640
Mitre link : CVE-2023-4640
CVE.ORG link : CVE-2023-4640
JSON object : View
Products Affected
yugabyte
- yugabytedb
CWE