CVE-2023-29195

Vitess VTAdmin users that can create shards can deny access to other functions

Severity Score

4.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-04-03 CVE Reserved
2023-05-11 CVE Published
2025-01-24 CVE Updated
2025-01-24 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation
CWE-703: Improper Check or Handling of Exceptional Conditions

CAPEC

References (6)

URL	Tag	Source
https://github.com/vitessio/vitess/releases/tag/v16.0.2	Release Notes
https://pkg.go.dev/vitess.io/vitess@v0.16.2	Product

URL	Date	SRC
https://github.com/vitessio/vitess/issues/12842	2025-01-24

URL	Date	SRC
https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920	2023-05-22
https://github.com/vitessio/vitess/pull/12843	2023-05-22

URL	Date	SRC
https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w	2023-05-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linuxfoundation Search vendor "Linuxfoundation"		Vitess Search vendor "Linuxfoundation" for product "Vitess"				< 16.0.2 Search vendor "Linuxfoundation" for product "Vitess" and version " < 16.0.2"		-		Affected