CVE-2023-51982

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 30, 2024

Updated: Feb 6, 2024

CWE ID 287

Summary

CVE-2023-51982 is a newly discovered vulnerability affecting CrateDB 5.5.1. This issue involves an authentication bypass flaw in the Admin UI component. After implementing password authentication, an attacker can bypass identity authentication by manipulating the X-Real-IP request header and accessing the Admin UI with the default user identity directly. This vulnerability poses a significant risk, as it allows unauthorized access to sensitive administrative functions. It is recommended that users of CrateDB 5.5.1 upgrade to a patched version as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t7Tvdj
https://www.cve.org/CVERecord?id=CVE-2023-51982
https://nvd.nist.gov/vuln/detail/CVE-2023-51982

Back to Vulnerability Database

CVE-2023-51982

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations