Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for yugabytedb_managed by yugabyte

    CVE-2023-0745 (GCVE-0-2023-0745)

    Vulnerability from nvd – Published: 2023-02-09 16:08 – Updated: 2025-03-24 18:33
    VLAI
    Title
    Arbitrary File Write in High Availability Backup Upload
    Summary
    The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    References
    URL Tags
    https://www.yugabyte.com/ issue-tracking
    Impacted products
    Vendor Product Version
    YugabyteDB YugabyteDB Anywhere Affected: 2.0 , ≤ 2.13 (2.0 to 2.13)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:24:34.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://www.yugabyte.com/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0745",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-24T17:33:21.113674Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-24T18:33:37.528Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "Docker",
                "Kubernetes"
              ],
              "product": "YugabyteDB Anywhere",
              "vendor": "YugabyteDB",
              "versions": [
                {
                  "lessThanOrEqual": "2.13",
                  "status": "affected",
                  "version": "2.0",
                  "versionType": "2.0 to 2.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\u003cdiv\u003e\n\t\t\t\u003cdiv\u003e\n\t\t\t\t\u003cdiv\u003e\n\t\t\t\t\t\u003cp\u003eThe High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary\nfiles through the backup upload endpoint by using path traversal characters.\n\u003c/p\u003e\n\t\t\t\t\u003c/div\u003e\n\t\t\t\u003c/div\u003e\n\t\t\u003c/div\u003e\n\t\n\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ePlatformReplicationManager.Java\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0\u003c/p\u003e"
                }
              ],
              "value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tThe High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary\nfiles through the backup upload endpoint by using path traversal characters.\n\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n This vulnerability is associated with program files PlatformReplicationManager.Java.\n\nThis issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-10T22:31:06.154Z",
            "orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
            "shortName": "Yugabyte"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://www.yugabyte.com/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fixed in version 2.14 onwards . "
                }
              ],
              "value": "Fixed in version 2.14 onwards . "
            }
          ],
          "source": {
            "defect": [
              "PLAT-3445"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Arbitrary File Write in High Availability Backup Upload",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
        "assignerShortName": "Yugabyte",
        "cveId": "CVE-2023-0745",
        "datePublished": "2023-02-09T16:08:57.723Z",
        "dateReserved": "2023-02-08T12:08:53.977Z",
        "dateUpdated": "2025-03-24T18:33:37.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0574 (GCVE-0-2023-0574)

    Vulnerability from nvd – Published: 2023-02-09 14:55 – Updated: 2025-03-24 18:33
    VLAI
    Title
    Server-Side Request Forgery
    Summary
    Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    • CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    References
    Impacted products
    Vendor Product Version
    YugabyteDB YugabyteDB Anywhere Affected: 2.0.0.0 , ≤ 2.13.0.0 (2.0 to 2.13)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:17:49.846Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.yugabyte.com/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0574",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-24T17:34:08.279514Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-24T18:33:02.110Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "UniverseCRUDHandler.java"
              ],
              "platforms": [
                "Linux",
                "Docker",
                "Kubernetes"
              ],
              "product": "YugabyteDB Anywhere",
              "vendor": "YugabyteDB",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.0.0",
                  "status": "affected",
                  "version": "2.0.0.0",
                  "versionType": "2.0 to 2.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.\u003cp\u003eThis issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0\u003c/p\u003e"
                }
              ],
              "value": "Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            },
            {
              "capecId": "CAPEC-216",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-216 Communication Channel Manipulation"
                }
              ]
            },
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-915",
                  "description": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-10T22:20:52.094Z",
            "orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
            "shortName": "Yugabyte"
          },
          "references": [
            {
              "url": "https://www.yugabyte.com/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fixed in version 2.14 onwards .\u0026nbsp;"
                }
              ],
              "value": "Fixed in version 2.14 onwards .\u00a0"
            }
          ],
          "source": {
            "defect": [
              "PLAT-3195"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Server-Side Request Forgery",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
        "assignerShortName": "Yugabyte",
        "cveId": "CVE-2023-0574",
        "datePublished": "2023-02-09T14:55:29.165Z",
        "dateReserved": "2023-01-30T08:15:55.659Z",
        "dateUpdated": "2025-03-24T18:33:02.110Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0745 (GCVE-0-2023-0745)

    Vulnerability from cvelistv5 – Published: 2023-02-09 16:08 – Updated: 2025-03-24 18:33
    VLAI
    Title
    Arbitrary File Write in High Availability Backup Upload
    Summary
    The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    References
    URL Tags
    https://www.yugabyte.com/ issue-tracking
    Impacted products
    Vendor Product Version
    YugabyteDB YugabyteDB Anywhere Affected: 2.0 , ≤ 2.13 (2.0 to 2.13)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:24:34.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://www.yugabyte.com/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0745",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-24T17:33:21.113674Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-24T18:33:37.528Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "Docker",
                "Kubernetes"
              ],
              "product": "YugabyteDB Anywhere",
              "vendor": "YugabyteDB",
              "versions": [
                {
                  "lessThanOrEqual": "2.13",
                  "status": "affected",
                  "version": "2.0",
                  "versionType": "2.0 to 2.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\u003cdiv\u003e\n\t\t\t\u003cdiv\u003e\n\t\t\t\t\u003cdiv\u003e\n\t\t\t\t\t\u003cp\u003eThe High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary\nfiles through the backup upload endpoint by using path traversal characters.\n\u003c/p\u003e\n\t\t\t\t\u003c/div\u003e\n\t\t\t\u003c/div\u003e\n\t\t\u003c/div\u003e\n\t\n\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ePlatformReplicationManager.Java\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0\u003c/p\u003e"
                }
              ],
              "value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tThe High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary\nfiles through the backup upload endpoint by using path traversal characters.\n\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n This vulnerability is associated with program files PlatformReplicationManager.Java.\n\nThis issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-10T22:31:06.154Z",
            "orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
            "shortName": "Yugabyte"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://www.yugabyte.com/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fixed in version 2.14 onwards . "
                }
              ],
              "value": "Fixed in version 2.14 onwards . "
            }
          ],
          "source": {
            "defect": [
              "PLAT-3445"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Arbitrary File Write in High Availability Backup Upload",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
        "assignerShortName": "Yugabyte",
        "cveId": "CVE-2023-0745",
        "datePublished": "2023-02-09T16:08:57.723Z",
        "dateReserved": "2023-02-08T12:08:53.977Z",
        "dateUpdated": "2025-03-24T18:33:37.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0574 (GCVE-0-2023-0574)

    Vulnerability from cvelistv5 – Published: 2023-02-09 14:55 – Updated: 2025-03-24 18:33
    VLAI
    Title
    Server-Side Request Forgery
    Summary
    Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    • CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    References
    Impacted products
    Vendor Product Version
    YugabyteDB YugabyteDB Anywhere Affected: 2.0.0.0 , ≤ 2.13.0.0 (2.0 to 2.13)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:17:49.846Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.yugabyte.com/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0574",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-24T17:34:08.279514Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-24T18:33:02.110Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "UniverseCRUDHandler.java"
              ],
              "platforms": [
                "Linux",
                "Docker",
                "Kubernetes"
              ],
              "product": "YugabyteDB Anywhere",
              "vendor": "YugabyteDB",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.0.0",
                  "status": "affected",
                  "version": "2.0.0.0",
                  "versionType": "2.0 to 2.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.\u003cp\u003eThis issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0\u003c/p\u003e"
                }
              ],
              "value": "Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            },
            {
              "capecId": "CAPEC-216",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-216 Communication Channel Manipulation"
                }
              ]
            },
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-915",
                  "description": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-10T22:20:52.094Z",
            "orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
            "shortName": "Yugabyte"
          },
          "references": [
            {
              "url": "https://www.yugabyte.com/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fixed in version 2.14 onwards .\u0026nbsp;"
                }
              ],
              "value": "Fixed in version 2.14 onwards .\u00a0"
            }
          ],
          "source": {
            "defect": [
              "PLAT-3195"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Server-Side Request Forgery",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078",
        "assignerShortName": "Yugabyte",
        "cveId": "CVE-2023-0574",
        "datePublished": "2023-02-09T14:55:29.165Z",
        "dateReserved": "2023-01-30T08:15:55.659Z",
        "dateUpdated": "2025-03-24T18:33:02.110Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }