CVE-2023-6001
EUVD-2023-5826808.11.2023, 00:15
Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| yugabyte | yugabytedb | 2.0.0 ≤ 𝑥 < 2.18.4.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-862 - Missing AuthorizationThe software does not perform an authorization check when an actor attempts to access a resource or perform an action.