CVE-2024-0006 Vulnerability Details
/
/
/
CVE-2024-0006 Metadata Quick Info
CVE Published: 19/07/2024 |
CVE Updated: 01/08/2024 |
CVE Year: 2024
Source: Yugabyte |
Vendor: YugabyteDB |
Product: YugabyteDB Anywhere
Status : PUBLISHED
CVE-2024-0006 Description
Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access.
Metrics
CVSS Version: 3.1 |
Base Score: n/a
Vector: n/a
l➤ Exploitability Metrics:
Attack Vector (AV)*
Attack Complexity (AC)*
Privileges Required (PR)*
User Interaction (UI)*
Scope (S)*
l➤ Impact Metrics:
Confidentiality Impact (C)*
Integrity Impact (I)*
Availability Impact (A)*
Weakness Enumeration (CWE)
CWE-ID: CWE-532
CWE Name: CWE-532 Insertion of Sensitive Information into Log File
Source: YugabyteDB
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-ID: CAPEC-560
CAPEC Description: CAPEC-560 Use of Known Domain Credentials