CVE-2024-6895 - OpenCVE

Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover.

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/yugabyte/yugabyte-db/commit/9687371d8777f876285b737a9d01995bc46bafa5

History

No history.

MITRE

Status: PUBLISHED

Assigner: Yugabyte

Published: 2024-07-19T14:47:50.432Z

Updated: 2024-08-13T20:45:30.139Z

Reserved: 2024-07-18T20:20:00.305Z

Link: CVE-2024-6895

Vulnrichment

Updated: 2024-08-01T21:45:38.424Z

NVD

Status : Awaiting Analysis

Published: 2024-07-19T15:15:10.547

Modified: 2024-07-22T13:00:53.287

Link: CVE-2024-6895

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6895", "assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078", "state": "PUBLISHED", "assignerShortName": "Yugabyte", "dateReserved": "2024-07-18T20:20:00.305Z", "datePublished": "2024-07-19T14:47:50.432Z", "dateUpdated": "2024-08-13T20:45:30.139Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux", "Docker", "Kubernetes"], "product": "YugabyteDB Anywhere", "vendor": "YugabyteDB", "versions": [{"lessThanOrEqual": "2.14.17.0", "status": "affected", "version": "2.14.0.0", "versionType": "git"}, {"lessThanOrEqual": "2.16.9.0", "status": "affected", "version": "2.16.0.0", "versionType": "git"}, {"lessThanOrEqual": "2.18.8.1", "status": "affected", "version": "2.18.0.0", "versionType": "git"}, {"lessThan": "2.20.5.0", "status": "affected", "version": "2.20.0.0", "versionType": "git"}]}], "datePublic": "2024-07-18T21:24:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover."}], "value": "Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover."}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Identifiers"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 6.1, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078", "shortName": "Yugabyte", "dateUpdated": "2024-07-19T14:47:50.432Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/yugabyte/yugabyte-db/commit/9687371d8777f876285b737a9d01995bc46bafa5"}], "source": {"defect": ["PLAT-10472"], "discovery": "UNKNOWN"}, "title": "Insecure Account Profile Management", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "yugabyte", "product": "yugabytedb", "cpes": ["cpe:2.3:a:yugabyte:yugabytedb:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "2.14.0.0", "status": "affected", "lessThanOrEqual": "2.14.17.0", "versionType": "git"}, {"version": "2.16.0.0", "status": "affected", "lessThanOrEqual": "2.16.9.0", "versionType": "git"}, {"version": "2.18.0.0", "status": "affected", "lessThanOrEqual": "2.18.8.1", "versionType": "git"}, {"version": "2.20.0.0", "status": "affected", "lessThan": "2.20.5.0", "versionType": "git"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-19T16:38:09.286512Z", "id": "CVE-2024-6895", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-13T20:45:30.139Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:45:38.424Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/yugabyte/yugabyte-db/commit/9687371d8777f876285b737a9d01995bc46bafa5"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/yugabyte/yugabyte-db/commit/9687371d8777f876285b737a9d01995bc46bafa5", "tags": ["patch", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:45:38.424Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6895", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-19T16:38:09.286512Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:yugabyte:yugabytedb:*:*:*:*:*:*:*:*"], "vendor": "yugabyte", "product": "yugabytedb", "versions": [{"status": "affected", "version": "2.14.0.0", "versionType": "git", "lessThanOrEqual": "2.14.17.0"}, {"status": "affected", "version": "2.16.0.0", "versionType": "git", "lessThanOrEqual": "2.16.9.0"}, {"status": "affected", "version": "2.18.0.0", "versionType": "git", "lessThanOrEqual": "2.18.8.1"}, {"status": "affected", "version": "2.20.0.0", "lessThan": "2.20.5.0", "versionType": "git"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T16:48:31.181Z"}}], "cna": {"title": "Insecure Account Profile Management", "source": {"defect": ["PLAT-10472"], "discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Identifiers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.1, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "YugabyteDB", "product": "YugabyteDB Anywhere", "versions": [{"status": "affected", "version": "2.14.0.0", "versionType": "git", "lessThanOrEqual": "2.14.17.0"}, {"status": "affected", "version": "2.16.0.0", "versionType": "git", "lessThanOrEqual": "2.16.9.0"}, {"status": "affected", "version": "2.18.0.0", "versionType": "git", "lessThanOrEqual": "2.18.8.1"}, {"status": "affected", "version": "2.20.0.0", "lessThan": "2.20.5.0", "versionType": "git"}], "platforms": ["Linux", "Docker", "Kubernetes"], "defaultStatus": "unaffected"}], "datePublic": "2024-07-18T21:24:00.000Z", "references": [{"url": "https://github.com/yugabyte/yugabyte-db/commit/9687371d8777f876285b737a9d01995bc46bafa5", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover.", "supportingMedia": [{"type": "text/html", "value": "Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078", "shortName": "Yugabyte", "dateUpdated": "2024-07-19T14:47:50.432Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6895", "state": "PUBLISHED", "dateUpdated": "2024-08-13T20:45:30.139Z", "dateReserved": "2024-07-18T20:20:00.305Z", "assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078", "datePublished": "2024-07-19T14:47:50.432Z", "assignerShortName": "Yugabyte"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover."}, {"lang": "es", "value": "La autenticaci\u00f3n insuficiente en la gesti\u00f3n de cuentas de usuario en la plataforma Yugabyte permite a los atacantes de la red local con una sesi\u00f3n de usuario comprometida cambiar informaci\u00f3n de seguridad cr\u00edtica sin volver a autenticarse. Un atacante con sesi\u00f3n de usuario y acceso a la aplicaci\u00f3n puede modificar configuraciones como la contrase\u00f1a y el correo electr\u00f3nico sin que se le solicite la contrase\u00f1a actual, lo que permite la apropiaci\u00f3n de la cuenta."}], "id": "CVE-2024-6895", "lastModified": "2024-07-22T13:00:53.287", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "ADJACENT", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "LOW"}, "source": "security@yugabyte.com", "type": "Secondary"}]}, "published": "2024-07-19T15:15:10.547", "references": [{"source": "security@yugabyte.com", "url": "https://github.com/yugabyte/yugabyte-db/commit/9687371d8777f876285b737a9d01995bc46bafa5"}], "sourceIdentifier": "security@yugabyte.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "security@yugabyte.com", "type": "Secondary"}]}