CVE-2024-0006 MEDIUM

CVE-2024-0006: DB User Password Leak in Application Log

Vendor Yugabytedb
Product YugabyteDB Anywhere
Weakness CWE-532 · Sensitive info in logs
Published July 19, 2024
Last update August 1, 2024

CVSS base score

5.4/10
Attack vector Adjacent
Attack complexity High
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

What the vulnerability does

01 Description

Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access.

Key dates

02 Disclosure timeline

July 19, 2024 CVE published
August 1, 2024 Record updated