Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Set Logging Level Without Authentication
Vulnerability Description
The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.3
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
YugabyteDB 安全漏洞
Vulnerability Description
YugabyteDB是美国Yugabyte公司的一款用于云原生应用程序的高性能事务性分布式 SQL 数据库。 YugabyteDB Anywhere 2.0.0 到 2.17.3版本存在安全漏洞,该漏洞源于负责设置日志级别的控制器不包含任何授权检查以确保用户经过身份验证。
CVSS Information
N/A
Vulnerability Type
N/A