CVE-2023-6001

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 8, 2023

Updated: Nov 16, 2023

CWE ID 862

CWE ID 200

Summary

CVE-2023-60 Prometheus metrics in YugabyteDB Anywhere are accessible without authentication, posing a significant security risk. An attacker can gain unauthorized access to detailed and sensitive information related to the YugabyteDB environment by exploiting this vulnerability. This issue may lead to data exposure, unauthorized system access, or other malicious activities. Organizations using YugabyteDB Anywhere are advised to apply the necessary patches or configurations to mitigate this vulnerability and secure their environments.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

YugaByte DB

Affected Vendors

YUGABYTE, INC.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tUJoUo
https://www.cve.org/CVERecord?id=CVE-2023-6001
https://nvd.nist.gov/vuln/detail/CVE-2023-6001

Back to Vulnerability Database