CVE-2024-6908

MEDIUM

Yugabyte Platform - Privilege Escalation

Title source: llm

Description

Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data.

References (2)

Core 2

Core References

Patch patch

https://github.com/yugabyte/yugabyte-db/commit/03b193de40b79329439bb9968a7d27a1cc57d662

View Patch ZIP pw:eip

Patch patch

https://github.com/yugabyte/yugabyte-db/commit/68f01680c565be2a370cfb7734a1b3721d6778bb

View Patch ZIP pw:eip

Scores

CVSS v4 6.0

EPSS 0.0026

EPSS Percentile 17.3%

CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (4)

YugabyteDB/YugabyteDB Anywhere 2.14.0.0 - 2.14.17.0

YugabyteDB/YugabyteDB Anywhere 2.16.0.0 - 2.16.9.0

YugabyteDB/YugabyteDB Anywhere 2.18.0.0 - 2.18.7.0

YugabyteDB/YugabyteDB Anywhere 2.20.0.0 - 2.20.3.0

Published Jul 19, 2024

Tracked Since Feb 18, 2026