Description
The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary
files through the backup upload endpoint by using path traversal characters.
This vulnerability is associated with program files PlatformReplicationManager.Java.
This issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0
Vulnerable configurations
Configuration 1: versions from 2.0 (inclusive) to 2.13 (inclusive)
cpe:2.3:a:yugabyte:yugabytedb_managed:*:*:*:*:*:*:*:*
EPSS
Percentile: 27%
0.00098
Low
6.7 Medium (CVSS3)
9.8 Critical (CVSS3)
Weaknesses
CWE-23
CWE-22
Related vulnerabilities
CVSS3: 6.7
debian
almost 3 years ago
The High Availability functionality of Yugabyte Anywhere can be abused ...
CVSS3: 9.8
github
almost 3 years ago
Relative Path Traversal vulnerability in YugaByte, Inc. Yugabyte Managed (PlatformReplicationManager.Java modules) allows Path Traversal. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects Yugabyte Managed: from 2.0 through 2.13.