CVE-2024-6908

Severity CVSS v4.0:

Pending analysis

Type:

CWE-269 Improper Privilege Management

Publication date:

19/07/2024

Last modified:

22/07/2024

Description

Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data.

Impact

References to Advisories, Solutions, and Tools

https://github.com/yugabyte/yugabyte-db/commit/03b193de40b79329439bb9968a7d27a1cc57d662
https://github.com/yugabyte/yugabyte-db/commit/68f01680c565be2a370cfb7734a1b3721d6778bb