CVE-2023-29194

Опубликовано: 14 апр. 2023

Источник: nvd

CVSS3: 4.1

CVSS3: 2.7

EPSS Низкий

Описание

Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing / characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using vtctldclient GetKeyspaces will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. As a workaround, delete the offending keyspace using a CLI client (vtctldclient).

Ссылки

https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88
Patch
https://github.com/vitessio/vitess/commits/v0.16.1/
Release Notes
https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f
Vendor Advisory
https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88
Patch
https://github.com/vitessio/vitess/commits/v0.16.1/
Release Notes
https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:linuxfoundation:vitess:*:*:*:*:*:*:*:*

Версия до 16.0.1 (исключая)

EPSS

Процентиль: 28%

0.001

Низкий

4.1 Medium

CVSS3

2.7 Low

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo

Связанные уязвимости

CVE-2023-29194

CVSS3: 2.7

msrc

почти 3 года назад

Описание отсутствует

GHSA-735r-hv67-g38f

CVSS3: 4.1

github

почти 3 года назад

vitess allows users to create keyspaces that can deny access to already existing keyspaces

EPSS

Процентиль: 28%

0.001

Низкий

4.1 Medium

CVSS3

2.7 Low

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo