Описание
Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs
An information exposure flaw has been discovered in YugabyteDB. Shared Access Signature tokens are not masked in the backup configuration response and also exposed in the yb_backup logs. An attacker with access may be able to recover these tokens.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform 8 | yugabytedb | Fix deferred | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | yugabytedb | Fix deferred |
Показывать по
Дополнительная информация
Статус:
3.5 Low
CVSS3
Связанные уязвимости
Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs
Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs
3.5 Low
CVSS3