CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI directly using the default user identity.(https://github.com/crate/crate/issues/15231)
References
Link | Resource |
---|---|
https://github.com/crate/crate/issues/15231 | Exploit Issue Tracking |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2024-01-30T00:00:00
Updated: 2024-01-30T00:25:22.030641
Reserved: 2023-12-26T00:00:00
Link: CVE-2023-51982
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-30T01:15:59.013
Modified: 2024-02-06T18:30:13.563
Link: CVE-2023-51982
JSON object: View
Redhat Information
No data.
CWE