CVE-2024-0006

Severity CVSS v4.0:

Pending analysis

Type:

CWE-532 Information Exposure Through Log Files

Publication date:

19/07/2024

Last modified:

22/07/2024

Description

Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access.

Impact

References to Advisories, Solutions, and Tools

https://github.com/yugabyte/yugabyte-db/commit/439c6286f1971f9ac6bff2c7215b454c2025c593
https://github.com/yugabyte/yugabyte-db/commit/5cc7f4e15d6ccccbf97c57946fd0aa630f88c9e2
https://github.com/yugabyte/yugabyte-db/commit/d96e6b629f34d065b47204daeeb44064e484c579