CVE-2024-0006 Vulnerability Details

  /     /     /  

CVE-2024-0006 Metadata Quick Info

CVE Published: 19/07/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: Yugabyte | Vendor: YugabyteDB | Product: YugabyteDB Anywhere
Status : PUBLISHED

CVE-2024-0006 Description

Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-532
CWE Name: CWE-532 Insertion of Sensitive Information into Log File
Source: YugabyteDB

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-560
CAPEC Description: CAPEC-560 Use of Known Domain Credentials