CVE-2023-0575

EPSS 0.08%
Published 09.02.2023 17:15:15
Last modified 21.11.2024 07:37:25
Source security@yugabyte.com
Teams watchlist Login
Open Login

External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py.

This issue affects Yugabyte DB: Lesser then 2.2.0.0

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Yugabyte ≫ Yugabytedb Version < 2.2.0.0

   Apple ≫ iPhone OS Version-
   Apple ≫ macOS Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.241

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@yugabyte.com	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-642 External Control of Critical State Data

The product stores security-critical state information about its users, or the product itself, in a location that is accessible to unauthorized actors.

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://www.yugabyte.com/

Product

https://nvd.nist.gov/vuln/detail/CVE-2023-0575

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0575

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0575

EUVD