CVE-2024-6908 - Vulnerability Details - OpenCVE

Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00075.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-47897	Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/yugabyte/yugabyte-db/commit/03b193de40b79329439bb9968a7d27a1cc57d662
https://github.com/yugabyte/yugabyte-db/commit/68f01680c565be2a370cfb7734a1b3721d6778bb

History

No history.

MITRE

Status: PUBLISHED

Assigner: Yugabyte

Published: 2024-07-19T14:57:00.607Z

Updated: 2024-08-01T21:45:38.372Z

Reserved: 2024-07-18T21:27:07.259Z

Link: CVE-2024-6908

Vulnrichment

Updated: 2024-08-01T21:45:38.372Z

NVD

Status : Awaiting Analysis

Published: 2024-07-19T15:15:10.747

Modified: 2024-11-21T09:50:31.250

Link: CVE-2024-6908

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6908", "assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078", "state": "PUBLISHED", "assignerShortName": "Yugabyte", "dateReserved": "2024-07-18T21:27:07.259Z", "datePublished": "2024-07-19T14:57:00.607Z", "dateUpdated": "2024-08-01T21:45:38.372Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux", "Docker", "Kubernetes"], "product": "YugabyteDB Anywhere", "vendor": "YugabyteDB", "versions": [{"lessThanOrEqual": "2.14.17.0", "status": "affected", "version": "2.14.0.0", "versionType": "git"}, {"lessThanOrEqual": "2.16.9.0", "status": "affected", "version": "2.16.0.0", "versionType": "git"}, {"lessThan": "2.18.7.0", "status": "affected", "version": "2.18.0.0", "versionType": "git"}, {"lessThan": "2.20.3.0", "status": "affected", "version": "2.20.0.0", "versionType": "git"}]}], "datePublic": "2024-07-18T21:48:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data."}], "value": "Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 6, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078", "shortName": "Yugabyte", "dateUpdated": "2024-07-19T14:57:00.607Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/yugabyte/yugabyte-db/commit/03b193de40b79329439bb9968a7d27a1cc57d662"}, {"tags": ["patch"], "url": "https://github.com/yugabyte/yugabyte-db/commit/68f01680c565be2a370cfb7734a1b3721d6778bb"}], "source": {"defect": ["PLAT-10470"], "discovery": "UNKNOWN"}, "title": "Admin Can Escalate Privileges to SuperAdmin Using Manual PUT Request", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "yugabytedb", "product": "yugabytedb_anywhere", "cpes": ["cpe:2.3:a:yugabytedb:yugabytedb_anywhere:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "2.14.0.0", "status": "affected", "lessThanOrEqual": "2.14.17.0", "versionType": "git"}, {"version": "2.16.0.0", "status": "affected", "lessThanOrEqual": "2.16.9.0", "versionType": "git"}, {"version": "2.18.0.0", "status": "affected", "lessThan": "2.18.7.0", "versionType": "git"}, {"version": "2.20.0.0", "status": "affected", "lessThan": "2.20.3.0", "versionType": "git"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-23T20:27:45.607511Z", "id": "CVE-2024-6908", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T20:36:54.209Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:45:38.372Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/yugabyte/yugabyte-db/commit/03b193de40b79329439bb9968a7d27a1cc57d662"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/yugabyte/yugabyte-db/commit/68f01680c565be2a370cfb7734a1b3721d6778bb"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/yugabyte/yugabyte-db/commit/03b193de40b79329439bb9968a7d27a1cc57d662", "tags": ["patch", "x_transferred"]}, {"url": "https://github.com/yugabyte/yugabyte-db/commit/68f01680c565be2a370cfb7734a1b3721d6778bb", "tags": ["patch", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:45:38.372Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6908", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-23T20:27:45.607511Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:yugabytedb:yugabytedb_anywhere:*:*:*:*:*:*:*:*"], "vendor": "yugabytedb", "product": "yugabytedb_anywhere", "versions": [{"status": "affected", "version": "2.14.0.0", "versionType": "git", "lessThanOrEqual": "2.14.17.0"}, {"status": "affected", "version": "2.16.0.0", "versionType": "git", "lessThanOrEqual": "2.16.9.0"}, {"status": "affected", "version": "2.18.0.0", "lessThan": "2.18.7.0", "versionType": "git"}, {"status": "affected", "version": "2.20.0.0", "lessThan": "2.20.3.0", "versionType": "git"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T20:34:49.366Z"}}], "cna": {"title": "Admin Can Escalate Privileges to SuperAdmin Using Manual PUT Request", "source": {"defect": ["PLAT-10470"], "discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "YugabyteDB", "product": "YugabyteDB Anywhere", "versions": [{"status": "affected", "version": "2.14.0.0", "versionType": "git", "lessThanOrEqual": "2.14.17.0"}, {"status": "affected", "version": "2.16.0.0", "versionType": "git", "lessThanOrEqual": "2.16.9.0"}, {"status": "affected", "version": "2.18.0.0", "lessThan": "2.18.7.0", "versionType": "git"}, {"status": "affected", "version": "2.20.0.0", "lessThan": "2.20.3.0", "versionType": "git"}], "platforms": ["Linux", "Docker", "Kubernetes"], "defaultStatus": "unaffected"}], "datePublic": "2024-07-18T21:48:00.000Z", "references": [{"url": "https://github.com/yugabyte/yugabyte-db/commit/03b193de40b79329439bb9968a7d27a1cc57d662", "tags": ["patch"]}, {"url": "https://github.com/yugabyte/yugabyte-db/commit/68f01680c565be2a370cfb7734a1b3721d6778bb", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data.", "supportingMedia": [{"type": "text/html", "value": "Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078", "shortName": "Yugabyte", "dateUpdated": "2024-07-19T14:57:00.607Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6908", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:45:38.372Z", "dateReserved": "2024-07-18T21:27:07.259Z", "assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078", "datePublished": "2024-07-19T14:57:00.607Z", "assignerShortName": "Yugabyte"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data."}, {"lang": "es", "value": " La gesti\u00f3n inadecuada de privilegios en la plataforma Yugabyte permite a los usuarios administradores autenticados escalar privilegios a SuperAdmin a trav\u00e9s de una solicitud HTTP PUT manipulada, lo que podr\u00eda conducir a un acceso no autorizado a funciones y datos confidenciales del sistema."}], "id": "CVE-2024-6908", "lastModified": "2024-11-21T09:50:31.250", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "HIGH"}, "source": "security@yugabyte.com", "type": "Secondary"}]}, "published": "2024-07-19T15:15:10.747", "references": [{"source": "security@yugabyte.com", "url": "https://github.com/yugabyte/yugabyte-db/commit/03b193de40b79329439bb9968a7d27a1cc57d662"}, {"source": "security@yugabyte.com", "url": "https://github.com/yugabyte/yugabyte-db/commit/68f01680c565be2a370cfb7734a1b3721d6778bb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/yugabyte/yugabyte-db/commit/03b193de40b79329439bb9968a7d27a1cc57d662"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/yugabyte/yugabyte-db/commit/68f01680c565be2a370cfb7734a1b3721d6778bb"}], "sourceIdentifier": "security@yugabyte.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@yugabyte.com", "type": "Secondary"}]}