Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI directly using the default user identity.(https://github.com/crate/crate/issues/15231)
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CrateDB 安全漏洞
Vulnerability Description
CrateDB是CrateDB公司的一个分布式且可扩展的 SQL 数据库。 CrateDB 5.5.1版本存在安全漏洞,该漏洞源于Admin UI组件中包含身份验证绕过漏洞,在配置密码认证和本地地址的情况下,可以通过将X-Real IP请求头设置为特定值并使用默认用户身份直接访问Admin UI来绕过身份认证。
CVSS Information
N/A
Vulnerability Type
N/A