CVE-2022-31011

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-31011
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31011.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31011
Aliases
Related
Published
2022-05-31T20:15:08Z
Modified
2025-01-14T10:59:17.737279Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as root and normal user at the same time.

References

Affected packages

Git / github.com/pingcap/tidb

Affected ranges

Type
GIT
Repo
https://github.com/pingcap/tidb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other

Beta20160630
Beta20160730
Pre-GA
beta4
rc1
rc2
rc2-preview
rc3
rc4

v1.*

v1.0.0
v1.1.0-alpha
v1.1.0-alpha.1
v1.1.0-beta

v2.*

v2.0.0-rc.1
v2.0.0-rc.3
v2.0.0-rc.4
v2.1.0-alpha
v2.1.0-beta
v2.1.0-rc.1
v2.1.0-rc.2
v2.1.0-rc.3

v3.*

v3.0.0-beta
v3.0.0-beta.1
v3.0.0-rc.1

v4.*

v4.0.0-alpha
v4.0.0-beta
v4.0.0-beta.2

v5.*

v5.1.0-alpha
v5.2.0-alpha
v5.3.0
v5.3.0-alpha