Search criteria
6 vulnerabilities by vitessio
CVE-2026-27969 (GCVE-0-2026-27969)
Vulnerability from cvelistv5 – Published: 2026-02-26 01:52 – Updated: 2026-02-26 19:33
VLAI?
Title
Vitess users with backup storage access can write to arbitrary file paths on restore
Summary
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are written to any accessible location on restore. This is a common path traversal security issue. This can be used to provide that attacker with unintended/unauthorized access to the production deployment environment — allowing them to access information available in that environment as well as run any additional arbitrary commands there. Versions 23.0.3 and 22.0.4 contain a patch. No known workarounds are available.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T19:33:42.759773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:33:53.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vitess",
"vendor": "vitessio",
"versions": [
{
"status": "affected",
"version": "\u003c 22.0.4"
},
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c 23.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest \u2014 which may be files that they have also added to the manifest and backup contents \u2014\u00a0are written to any accessible location on restore. This is a common path traversal security issue. This can be used to provide that attacker with unintended/unauthorized access to the production deployment environment \u2014 allowing them to access information available in that environment as well as run any additional arbitrary commands there. Versions 23.0.3 and 22.0.4 contain a patch. No known workarounds are available."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:L/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T01:52:30.677Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-r492-hjgh-c9gw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-r492-hjgh-c9gw"
},
{
"name": "https://github.com/vitessio/vitess/pull/19470",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/pull/19470"
},
{
"name": "https://github.com/vitessio/vitess/commit/c565cab615bc962bda061dcd645aa7506c59ca4a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commit/c565cab615bc962bda061dcd645aa7506c59ca4a"
}
],
"source": {
"advisory": "GHSA-r492-hjgh-c9gw",
"discovery": "UNKNOWN"
},
"title": "Vitess users with backup storage access can write to arbitrary file paths on restore"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27969",
"datePublished": "2026-02-26T01:52:30.677Z",
"dateReserved": "2026-02-25T03:24:57.793Z",
"dateUpdated": "2026-02-26T19:33:53.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27965 (GCVE-0-2026-27965)
Vulnerability from cvelistv5 – Published: 2026-02-26 01:49 – Updated: 2026-02-26 19:32
VLAI?
Title
Vitess users with backup storage access can gain unauthorized access to production deployment environments
Summary
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored. This can be used to provide that attacker with unintended/unauthorized access to the production deployment environment — allowing them to access information available in that environment as well as run any additional arbitrary commands there. Versions 23.0.3 and 22.0.4 contain a patch. Some workarounds are available. Those who intended to use an external decompressor then can always specify that decompressor command in the `--external-decompressor` flag value for `vttablet` and `vtbackup`. That then overrides any value specified in the manifest file. Those who did not intend to use an external decompressor, nor an internal one, can specify a value such as `cat` or `tee` in the `--external-decompressor` flag value for `vttablet` and `vtbackup` to ensure that a harmless command is always used.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27965",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T19:32:38.363771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:32:59.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vitess",
"vendor": "vitessio",
"versions": [
{
"status": "affected",
"version": "\u003c 22.0.4"
},
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c 23.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored. This can be used to provide that attacker with unintended/unauthorized access to the production deployment environment \u2014 allowing them to access information available in that environment as well as run any additional arbitrary commands there. Versions 23.0.3 and 22.0.4 contain a patch. Some workarounds are available. Those who intended to use an external decompressor then can always specify that decompressor command in the `--external-decompressor` flag value for `vttablet` and `vtbackup`. That then overrides any value specified in the manifest file. Those who did not intend to use an external decompressor, nor an internal one, can specify a value such as `cat` or `tee` in the `--external-decompressor` flag value for `vttablet` and `vtbackup` to ensure that a harmless command is always used."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T01:49:10.071Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-8g8j-r87h-p36x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-8g8j-r87h-p36x"
},
{
"name": "https://github.com/vitessio/vitess/issues/19459",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/issues/19459"
},
{
"name": "https://github.com/vitessio/vitess/pull/19460",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/pull/19460"
},
{
"name": "https://github.com/vitessio/vitess/commit/4c0173293907af9cb942a6683c465c3f1e9fdb5c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commit/4c0173293907af9cb942a6683c465c3f1e9fdb5c"
}
],
"source": {
"advisory": "GHSA-8g8j-r87h-p36x",
"discovery": "UNKNOWN"
},
"title": "Vitess users with backup storage access can gain unauthorized access to production deployment environments"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27965",
"datePublished": "2026-02-26T01:49:10.071Z",
"dateReserved": "2026-02-25T03:24:57.793Z",
"dateUpdated": "2026-02-26T19:32:59.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-53257 (GCVE-0-2024-53257)
Vulnerability from cvelistv5 – Published: 2024-12-03 15:46 – Updated: 2024-12-03 16:57
VLAI?
Title
Vitess allows HTML injection in /debug/querylogz & /debug/env
Summary
Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. These pages are rendered using text/template instead of rendering with a proper HTML templating engine. This vulnerability is fixed in 21.0.1, 20.0.4, and 19.0.8.
Severity ?
4.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vitessio:vitess:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vitess",
"vendor": "vitessio",
"versions": [
{
"lessThan": "19.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "20.0.4",
"status": "affected",
"version": "19.0.9",
"versionType": "custom"
},
{
"lessThan": "21.0.1",
"status": "affected",
"version": "20.0.5",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53257",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T16:53:09.581215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T16:57:59.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vitess",
"vendor": "vitessio",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.21.0-rc1, \u003c 21.0.1"
},
{
"status": "affected",
"version": "\u003e= 0.20.0-rc1, \u003c 20.0.4"
},
{
"status": "affected",
"version": "\u003c 19.0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. These pages are rendered using text/template instead of rendering with a proper HTML templating engine. This vulnerability is fixed in 21.0.1, 20.0.4, and 19.0.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T15:46:40.513Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-7mwh-q3xm-qh6p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-7mwh-q3xm-qh6p"
},
{
"name": "https://github.com/vitessio/vitess/commit/2b71d1b5f8ca676beeab2875525003cd45096217",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commit/2b71d1b5f8ca676beeab2875525003cd45096217"
}
],
"source": {
"advisory": "GHSA-7mwh-q3xm-qh6p",
"discovery": "UNKNOWN"
},
"title": "Vitess allows HTML injection in /debug/querylogz \u0026 /debug/env"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53257",
"datePublished": "2024-12-03T15:46:40.513Z",
"dateReserved": "2024-11-19T20:08:14.480Z",
"dateUpdated": "2024-12-03T16:57:59.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32886 (GCVE-0-2024-32886)
Vulnerability from cvelistv5 – Published: 2024-05-08 14:10 – Updated: 2024-08-02 02:20
VLAI?
Title
Vitess vulnerable to infinite memory consumption and vtgate crash
Summary
Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.
Severity ?
4.9 (Medium)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T15:55:36.665322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:51:58.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2"
},
{
"name": "https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df"
},
{
"name": "https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055"
},
{
"name": "https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d"
},
{
"name": "https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202"
},
{
"name": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79"
},
{
"name": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vitess",
"vendor": "vitessio",
"versions": [
{
"status": "affected",
"version": "\u003c 17.0.7"
},
{
"status": "affected",
"version": "\u003e= 18.0.0, \u003c 18.0.5"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 19.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-08T14:10:24.863Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2"
},
{
"name": "https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df"
},
{
"name": "https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055"
},
{
"name": "https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d"
},
{
"name": "https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202"
},
{
"name": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79"
},
{
"name": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71"
}
],
"source": {
"advisory": "GHSA-649x-hxfx-57j2",
"discovery": "UNKNOWN"
},
"title": "Vitess vulnerable to infinite memory consumption and vtgate crash"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-32886",
"datePublished": "2024-05-08T14:10:24.863Z",
"dateReserved": "2024-04-19T14:07:11.231Z",
"dateUpdated": "2024-08-02T02:20:35.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29195 (GCVE-0-2023-29195)
Vulnerability from cvelistv5 – Published: 2023-05-11 19:07 – Updated: 2025-01-24 21:28
VLAI?
Title
Vitess VTAdmin users that can create shards can deny access to other functions
Summary
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server.
Severity ?
4.1 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w"
},
{
"name": "https://github.com/vitessio/vitess/issues/12842",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/issues/12842"
},
{
"name": "https://github.com/vitessio/vitess/pull/12843",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/pull/12843"
},
{
"name": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920"
},
{
"name": "https://github.com/vitessio/vitess/releases/tag/v16.0.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/releases/tag/v16.0.2"
},
{
"name": "https://pkg.go.dev/vitess.io/vitess@v0.16.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pkg.go.dev/vitess.io/vitess@v0.16.2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T21:28:35.583348Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T21:28:41.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vitess",
"vendor": "vitessio",
"versions": [
{
"status": "affected",
"version": "\u003c 16.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-11T19:07:39.530Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w"
},
{
"name": "https://github.com/vitessio/vitess/issues/12842",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/issues/12842"
},
{
"name": "https://github.com/vitessio/vitess/pull/12843",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/pull/12843"
},
{
"name": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920"
},
{
"name": "https://github.com/vitessio/vitess/releases/tag/v16.0.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/releases/tag/v16.0.2"
},
{
"name": "https://pkg.go.dev/vitess.io/vitess@v0.16.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://pkg.go.dev/vitess.io/vitess@v0.16.2"
}
],
"source": {
"advisory": "GHSA-pqj7-jx24-wj7w",
"discovery": "UNKNOWN"
},
"title": "Vitess VTAdmin users that can create shards can deny access to other functions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29195",
"datePublished": "2023-05-11T19:07:39.530Z",
"dateReserved": "2023-04-03T13:37:18.453Z",
"dateUpdated": "2025-01-24T21:28:41.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29194 (GCVE-0-2023-29194)
Vulnerability from cvelistv5 – Published: 2023-04-14 18:42 – Updated: 2025-02-06 18:43
VLAI?
Title
vitess allows users to create keyspaces that can deny access to already existing keyspaces
Summary
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. As a workaround, delete the offending keyspace using a CLI client (vtctldclient).
Severity ?
4.1 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f"
},
{
"name": "https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88"
},
{
"name": "https://github.com/vitessio/vitess/commits/v0.16.1/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/commits/v0.16.1/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T18:43:44.701887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T18:43:49.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vitess",
"vendor": "vitessio",
"versions": [
{
"status": "affected",
"version": "\u003c 0.16.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. As a workaround, delete the offending keyspace using a CLI client (vtctldclient)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-14T18:42:54.461Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f"
},
{
"name": "https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88"
},
{
"name": "https://github.com/vitessio/vitess/commits/v0.16.1/",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commits/v0.16.1/"
}
],
"source": {
"advisory": "GHSA-735r-hv67-g38f",
"discovery": "UNKNOWN"
},
"title": "vitess allows users to create keyspaces that can deny access to already existing keyspaces"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29194",
"datePublished": "2023-04-14T18:42:54.461Z",
"dateReserved": "2023-04-03T13:37:18.453Z",
"dateUpdated": "2025-02-06T18:43:49.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}