Vulnerability Details CVE-2023-6002
YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.3%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2023-6002
-
cpe:2.3:a:yugabyte:yugabytedb:2.14.0.0
-
cpe:2.3:a:yugabyte:yugabytedb:2.14.1.0
-
cpe:2.3:a:yugabyte:yugabytedb:2.16.0.0
-
cpe:2.3:a:yugabyte:yugabytedb:2.16.0.1
-
cpe:2.3:a:yugabyte:yugabytedb:2.16.1.0
-
cpe:2.3:a:yugabyte:yugabytedb:2.16.1.1
-
cpe:2.3:a:yugabyte:yugabytedb:2.16.2.0
-
cpe:2.3:a:yugabyte:yugabytedb:2.16.3.0
-
cpe:2.3:a:yugabyte:yugabytedb:2.16.4.0
-
cpe:2.3:a:yugabyte:yugabytedb:2.16.5.0
-
cpe:2.3:a:yugabyte:yugabytedb:2.16.6.0
-
cpe:2.3:a:yugabyte:yugabytedb:2.16.6.1
-
cpe:2.3:a:yugabyte:yugabytedb:2.18.0.0
-
cpe:2.3:a:yugabyte:yugabytedb:2.18.0.1
-
cpe:2.3:a:yugabyte:yugabytedb:2.18.1.0
-
cpe:2.3:a:yugabyte:yugabytedb:2.18.2.1