CVE-2024-6895 - Vulnerability Details - OpenCVE

Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover.

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00045.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/yugabyte/yugabyte-db/commit/9687371d8777f876285b737a9d01995bc46bafa5

History

No history.

MITRE

Status: PUBLISHED

Assigner: Yugabyte

Published: 2024-07-19T14:47:50.432Z

Updated: 2024-08-13T20:45:30.139Z

Reserved: 2024-07-18T20:20:00.305Z

Link: CVE-2024-6895

Vulnrichment

Updated: 2024-08-01T21:45:38.424Z

NVD

Status : Awaiting Analysis

Published: 2024-07-19T15:15:10.547

Modified: 2024-11-21T09:50:29.310

Link: CVE-2024-6895

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6895", "assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078", "state": "PUBLISHED", "assignerShortName": "Yugabyte", "dateReserved": "2024-07-18T20:20:00.305Z", "datePublished": "2024-07-19T14:47:50.432Z", "dateUpdated": "2024-08-13T20:45:30.139Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux", "Docker", "Kubernetes"], "product": "YugabyteDB Anywhere", "vendor": "YugabyteDB", "versions": [{"lessThanOrEqual": "2.14.17.0", "status": "affected", "version": "2.14.0.0", "versionType": "git"}, {"lessThanOrEqual": "2.16.9.0", "status": "affected", "version": "2.16.0.0", "versionType": "git"}, {"lessThanOrEqual": "2.18.8.1", "status": "affected", "version": "2.18.0.0", "versionType": "git"}, {"lessThan": "2.20.5.0", "status": "affected", "version": "2.20.0.0", "versionType": "git"}]}], "datePublic": "2024-07-18T21:24:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover."}], "value": "Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover."}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Identifiers"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 6.1, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078", "shortName": "Yugabyte", "dateUpdated": "2024-07-19T14:47:50.432Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/yugabyte/yugabyte-db/commit/9687371d8777f876285b737a9d01995bc46bafa5"}], "source": {"defect": ["PLAT-10472"], "discovery": "UNKNOWN"}, "title": "Insecure Account Profile Management", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "yugabyte", "product": "yugabytedb", "cpes": ["cpe:2.3:a:yugabyte:yugabytedb:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "2.14.0.0", "status": "affected", "lessThanOrEqual": "2.14.17.0", "versionType": "git"}, {"version": "2.16.0.0", "status": "affected", "lessThanOrEqual": "2.16.9.0", "versionType": "git"}, {"version": "2.18.0.0", "status": "affected", "lessThanOrEqual": "2.18.8.1", "versionType": "git"}, {"version": "2.20.0.0", "status": "affected", "lessThan": "2.20.5.0", "versionType": "git"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-19T16:38:09.286512Z", "id": "CVE-2024-6895", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-13T20:45:30.139Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:45:38.424Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/yugabyte/yugabyte-db/commit/9687371d8777f876285b737a9d01995bc46bafa5"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/yugabyte/yugabyte-db/commit/9687371d8777f876285b737a9d01995bc46bafa5", "tags": ["patch", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:45:38.424Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6895", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-19T16:38:09.286512Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:yugabyte:yugabytedb:*:*:*:*:*:*:*:*"], "vendor": "yugabyte", "product": "yugabytedb", "versions": [{"status": "affected", "version": "2.14.0.0", "versionType": "git", "lessThanOrEqual": "2.14.17.0"}, {"status": "affected", "version": "2.16.0.0", "versionType": "git", "lessThanOrEqual": "2.16.9.0"}, {"status": "affected", "version": "2.18.0.0", "versionType": "git", "lessThanOrEqual": "2.18.8.1"}, {"status": "affected", "version": "2.20.0.0", "lessThan": "2.20.5.0", "versionType": "git"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T16:48:31.181Z"}}], "cna": {"title": "Insecure Account Profile Management", "source": {"defect": ["PLAT-10472"], "discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Identifiers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.1, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "YugabyteDB", "product": "YugabyteDB Anywhere", "versions": [{"status": "affected", "version": "2.14.0.0", "versionType": "git", "lessThanOrEqual": "2.14.17.0"}, {"status": "affected", "version": "2.16.0.0", "versionType": "git", "lessThanOrEqual": "2.16.9.0"}, {"status": "affected", "version": "2.18.0.0", "versionType": "git", "lessThanOrEqual": "2.18.8.1"}, {"status": "affected", "version": "2.20.0.0", "lessThan": "2.20.5.0", "versionType": "git"}], "platforms": ["Linux", "Docker", "Kubernetes"], "defaultStatus": "unaffected"}], "datePublic": "2024-07-18T21:24:00.000Z", "references": [{"url": "https://github.com/yugabyte/yugabyte-db/commit/9687371d8777f876285b737a9d01995bc46bafa5", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover.", "supportingMedia": [{"type": "text/html", "value": "Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078", "shortName": "Yugabyte", "dateUpdated": "2024-07-19T14:47:50.432Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6895", "state": "PUBLISHED", "dateUpdated": "2024-08-13T20:45:30.139Z", "dateReserved": "2024-07-18T20:20:00.305Z", "assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078", "datePublished": "2024-07-19T14:47:50.432Z", "assignerShortName": "Yugabyte"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover."}, {"lang": "es", "value": "La autenticaci\u00f3n insuficiente en la gesti\u00f3n de cuentas de usuario en la plataforma Yugabyte permite a los atacantes de la red local con una sesi\u00f3n de usuario comprometida cambiar informaci\u00f3n de seguridad cr\u00edtica sin volver a autenticarse. Un atacante con sesi\u00f3n de usuario y acceso a la aplicaci\u00f3n puede modificar configuraciones como la contrase\u00f1a y el correo electr\u00f3nico sin que se le solicite la contrase\u00f1a actual, lo que permite la apropiaci\u00f3n de la cuenta."}], "id": "CVE-2024-6895", "lastModified": "2024-11-21T09:50:29.310", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "ADJACENT", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "LOW"}, "source": "security@yugabyte.com", "type": "Secondary"}]}, "published": "2024-07-19T15:15:10.547", "references": [{"source": "security@yugabyte.com", "url": "https://github.com/yugabyte/yugabyte-db/commit/9687371d8777f876285b737a9d01995bc46bafa5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/yugabyte/yugabyte-db/commit/9687371d8777f876285b737a9d01995bc46bafa5"}], "sourceIdentifier": "security@yugabyte.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "security@yugabyte.com", "type": "Secondary"}]}