CVE-2022-31011

Source
https://cve.org/CVERecord?id=CVE-2022-31011
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31011.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31011
Aliases
Published
2022-05-31T19:30:18Z
Modified
2026-07-08T06:03:54.543574578Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
TiDB authentication bypass vulnerability
Details

TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as root and normal user at the same time.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31011.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-287"
    ]
}
References

Affected packages

Git / github.com/pingcap/tidb

Affected ranges

Type
GIT
Repo
https://github.com/pingcap/tidb
Events
Database specific
{
    "cpe": "cpe:2.3:a:pingcap:tidb:5.3.0:*:*:*:*:*:*:*",
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "5.3.0"
        },
        {
            "last_affected": "5.3.0"
        }
    ]
}

Affected versions

5.*
5.3.0
= 5.*
= 5.3.0
v5.*
v5.3.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31011.json"