Home > Vulnerability Database > CVE-2024-0006

Mend.io Vulnerability Database

CVE-2024-0006

Good to know:

Date: July 19, 2024

Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access.

Language: C

Severity Score

6.4

Related Resources (5)

Url: https://github.com/yugabyte/yugabyte-db/commit/d96e6b629f34d065b47204daeeb44064e484c579

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-0006

Url: https://github.com/yugabyte/yugabyte-db/commit/439c6286f1971f9ac6bff2c7215b454c2025c593

Url: https://github.com/yugabyte/yugabyte-db/commit/5cc7f4e15d6ccccbf97c57946fd0aa630f88c9e2

Url: https://www.mend.io/vulnerability-database/CVE-2024-0006

Severity Score

6.4

Weakness Type (CWE)

Information Exposure Through Log Files

CWE-532

Top Fix

Upgrade Version

Upgrade to version 2.18.9.0-b1,2.20.2.3-b2,2024.1.1.0-b99

Learn More

CVSS v3.1

Base Score:	6.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-0006

Good to know:

Date: July 19, 2024

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?