CVE-2022-31011

EPSS 0.07%
Veröffentlicht 31.05.2022 20:15:08
Zuletzt bearbeitet 21.11.2024 07:03:42
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as root and normal user at the same time.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pingcap ≫ Tidb Version5.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.224

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
security-advisories@github.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://github.com/pingcap/tidb/releases/tag/v5.3.1

Third Party Advisory

Release Notes

https://github.com/pingcap/tidb/security/advisories/GHSA-4whx-7p29-mq22

Third Party Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2022-31011

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31011

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31011

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-31011