CVE-2023-6002

CVSS V2 None CVSS V3 None

Description

YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs.

Overview

CVE ID
CVE-2023-6002

Assigner
Yugabyte

Vulnerability Status
PUBLISHED

Published Version
2023-11-07T23:56:50.729Z

Last Modified Date
2023-11-09T19:18:33.398Z

Weakness Enumerations

CWE	URL
CWE-117	http://cwe.mitre.org/data/definitions/117.html

References

Reference URL	Reference Tags
https://www.yugabyte.com/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-6002
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6002

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 07:02:55				Added to TrackCVE