Yugabyte: >> Yugabytedb >> 2.18.0.1 Security Vulnerabilities
YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-11-08
Prometheus metrics are available without
authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-11-08