Vulnerability Description
Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data.
Related Weaknesses (CWE)
References
- https://github.com/yugabyte/yugabyte-db/commit/03b193de40b79329439bb9968a7d27a1c
- https://github.com/yugabyte/yugabyte-db/commit/68f01680c565be2a370cfb7734a1b3721
- https://github.com/yugabyte/yugabyte-db/commit/03b193de40b79329439bb9968a7d27a1c
- https://github.com/yugabyte/yugabyte-db/commit/68f01680c565be2a370cfb7734a1b3721
FAQ
What is CVE-2024-6908?
CVE-2024-6908 is a documented vulnerability. Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to s...
How severe is CVE-2024-6908?
CVSS scoring is not yet available for CVE-2024-6908. Check NVD for updates.
Is there a patch for CVE-2024-6908?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.