Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TiDB authentication bypass vulnerability
Vulnerability Description
TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as root and normal user at the same time.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
PingCAP TiDB 授权问题漏洞
Vulnerability Description
PingCAP TiDB是中国PingCAP公司的一个开源、云原生、分布式、兼容 MySQL 的数据库,用于弹性扩展和实时分析。 PingCAP TiDB 5.3.0版本存在授权问题漏洞,该漏洞源于应用权限管理存在问题。攻击者可以构造恶意的身份验证请求来利用该漏洞实现权限提升或未授权访问。
CVSS Information
N/A
Vulnerability Type
N/A