Platform
other
Component
yugabyte-db
Fixed in
2.14.18
2.16.10
2.18.7.0
2.20.3.0
CVE-2024-6908 describes a privilege escalation vulnerability discovered in YugabyteDB Anywhere. This flaw allows authenticated administrative users to elevate their privileges to SuperAdmin, potentially granting them complete control over the system. The vulnerability affects versions 2.14.0.0 through 2.20.3.0, and a fix is available in version 2.20.3.0.
Successful exploitation of CVE-2024-6908 allows an attacker, already authenticated as an administrator, to elevate their privileges to SuperAdmin. This grants them unrestricted access to YugabyteDB Anywhere's administrative functions, including data modification, user management, and system configuration. The potential impact includes data breaches, system compromise, and denial of service. An attacker could potentially exfiltrate sensitive data stored within the database or modify the database schema to disrupt operations. The blast radius extends to any data and services reliant on the YugabyteDB Anywhere instance.
CVE-2024-6908 was publicly disclosed on 2024-07-19. As of this date, there are no known public proof-of-concept exploits available. The vulnerability is not currently listed on CISA KEV. The probability of exploitation is considered medium, given the relatively straightforward nature of the attack and the potential impact.
Organizations utilizing YugabyteDB Anywhere in production environments, particularly those with administrative users who have broad privileges, are at risk. This includes deployments where access controls are not strictly enforced and where the principle of least privilege is not consistently applied. Shared hosting environments utilizing YugabyteDB Anywhere may also be vulnerable if administrative accounts are not properly isolated.
disclosure
Exploit status
EPSS
0.05% (16th percentile)
CISA SSVC
The primary mitigation for CVE-2024-6908 is to upgrade YugabyteDB Anywhere to version 2.20.3.0 or later, which contains the fix. If immediate upgrade is not feasible, consider restricting access to the HTTP PUT endpoint used for privilege escalation. Implement strict authentication and authorization controls to limit the number of users with administrative privileges. Regularly review user access rights and audit logs for suspicious activity. While a WAF rule could be implemented to block malicious PUT requests, this is not a substitute for patching.
Update YugabyteDB Anywhere to the latest available version. Versions 2.14.18.0, 2.16.10.0, 2.18.7.0 and 2.20.3.0 or later contain the fix for this vulnerability. This prevents administrator users from escalating their privileges to SuperAdmin via crafted HTTP requests.
CVE-2024-6908 is a vulnerability in YugabyteDB Anywhere allowing authenticated admin users to escalate to SuperAdmin, potentially gaining full control. CVSS severity is pending evaluation.
You are affected if you are running YugabyteDB Anywhere versions 2.14.0.0 through 2.20.3.0. Upgrade to 2.20.3.0 or later to mitigate the risk.
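The affected and fixed versions above span four release branches, so a plain "is my version below 2.20.3.0" comparison misreports patched 2.14, 2.16 and 2.18 builds. The following is an added example (not code from the advisory or from Yugabyte) that encodes the version ranges exactly as this page states them: affected from 2.14.0.0, fixed per branch in 2.14.18.0, 2.16.10.0, 2.18.7.0 and 2.20.3.0, and any branch inside that range without a listed fix (for example 2.15.x or 2.17.x) is treated as affected. The version-string format (up to four dot-separated integers) is an assumption.

```python
"""Check whether a YugabyteDB Anywhere version is affected by CVE-2024-6908.

Version data is taken from the advisory text on this page; branch handling
and the four-component version format are assumptions of this example.
"""

# Per-branch fixed versions as listed on the page, keyed by (major, minor).
FIXED_IN = {
    (2, 14): (2, 14, 18, 0),
    (2, 16): (2, 16, 10, 0),
    (2, 18): (2, 18, 7, 0),
    (2, 20): (2, 20, 3, 0),
}

# The page states the affected range as 2.14.0.0 through 2.20.3.0, with
# 2.20.3.0 itself being the fixed release of the newest affected branch.
AFFECTED_FROM = (2, 14, 0, 0)
NEWEST_FIX = (2, 20, 3, 0)


def parse_version(text):
    """Parse '2.18.7' or '2.18.7.0' into a 4-tuple, zero-padding short forms.

    Assumption: versions are one to four dot-separated non-negative integers.
    """
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = [int(p) for p in parts]
    return tuple(numbers + [0] * (4 - len(numbers)))


def is_affected(text):
    """Return True if the given version falls in the vulnerable range."""
    version = parse_version(text)
    # Older than the first affected release, or at/after the newest fix.
    if version < AFFECTED_FROM or version >= NEWEST_FIX:
        return False
    fix = FIXED_IN.get(version[:2])
    if fix is not None:
        # Branch has a listed fix: vulnerable only below that fix version.
        return version < fix
    # Assumption: a branch inside the affected range with no listed fix
    # (e.g. 2.15.x, 2.17.x, 2.19.x) is reported as affected.
    return True


def triage(versions):
    """Map each version string to an 'affected'/'fixed' verdict for reporting."""
    return {v: ("affected" if is_affected(v) else "fixed") for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory, not real deployment data.
    inventory = ["2.12.5.0", "2.14.17.0", "2.14.18.0", "2.16.9",
                 "2.17.0.0", "2.18.7.0", "2.20.2.1", "2.20.3.0"]
    for version, verdict in triage(inventory).items():
        print(f"{version:>10}  {verdict}")
```

Use it against the version reported by each YugabyteDB Anywhere instance in your inventory; a result of "affected" means the upgrade in the mitigation section still applies.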
Upgrade YugabyteDB Anywhere to version 2.20.3.0 or later. If immediate upgrade is not possible, review and restrict administrative user privileges.
There is currently no evidence of active exploitation of CVE-2024-6908, but it's crucial to apply the patch promptly.
Refer to the official YugabyteDB security advisory for detailed information and updates: [https://www.yugabyte.com/security/advisories/](https://www.yugabyte.com/security/advisories/)