CVE-2023-4640
CVSS V2 None
CVSS V3 None
Description
The controller responsible for setting the logging level does not include any authorization
checks to ensure the user is authenticated. This can be seen by noting that it extends
Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.3
Overview
- CVE ID
- CVE-2023-4640
- Assigner
- Yugabyte
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-08-30T16:42:45.242Z
- Last Modified Date
- 2023-08-30T16:42:45.242Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://www.yugabyte.com/ |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-4640 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4640 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-24 19:39:53 | Added to TrackCVE |