CVE-2023-4640

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-4640
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4640.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-4640
Published
2023-08-30T17:15:11Z
Modified
2025-02-18T20:43:37Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.3.

References

Affected packages

Git / github.com/yugabyte/yugabyte-db

Affected ranges

Type
GIT
Repo
https://github.com/yugabyte/yugabyte-db
Events