YugabyteDB
Moderate fix6 remedies
cpe:2.3:a:yugabyte:yugabytedb:*:*:*:*:*:*:*
Moderate fix6 remedies
- >= 2.0, <= 2.18.3.0
- >= 2.0, <= 2.14.13.0
- >= 2.16.7.0
- >= 2.18.3.0
- >= 2.0, <= 2.17.3.0
- >= 2.0, <= 2.13.0.0
- >= 2.0, <= 2.14.0.0
YugabyteDB Anywhere Authentication Bypass Vulnerability in the Universe API Endpoint
Vulnerability
Patched
An authentication bypass vulnerability has been identified in the YugabyteDB Anywhere web server, specifically within the universe API endpoint of the metamaster service. This flaw allows unauthenticated attackers to access sensitive server networking configuration details, such as private and public IP addresses and DNS records.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive networking information, potentially facilitating further attacks or exploitation.
Remediation
Users can upgrade to YugabyteDB Anywhere version 2.20.7.0, 2.23.1.0 or 2024.1.3.0 to address this vulnerability.
Added: Aug 11, 2025, 5:16 PM
Updated: Aug 11, 2025, 6:38 PM
Vulnerability Rating
Custom Algorithm
spread
2.6impact
2.5exploitability
7.0remediation
7.7relevance
0.3threat
0.0urgency
0.0incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.