The controller responsible for setting the logging level does not include any authorization
checks to ensure the user is authenticated. This can be seen by noting that it extends
Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.3
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.yugabyte.com/ |
History
No history.
MITRE
Status: PUBLISHED
Assigner: Yugabyte
Published: 2023-08-30T16:42:45.242Z
Updated: 2024-08-02T07:31:06.630Z
Reserved: 2023-08-30T16:41:56.711Z
Link: CVE-2023-4640
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-08-30T17:15:11.157
Modified: 2023-09-05T15:22:15.190
Link: CVE-2023-4640
Redhat
No data.