CVE-2024-6908

Admin Can Escalate Privileges to SuperAdmin Using Manual PUT Request

Severity Score: 6.0 (CVSS v4)

Public Exploits: 0 (Multiple Sources)

Exploited in Wild: - (KEV)

Decision: Track* (SSVC)

Descriptions

Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data.

*Credits: N/A
CVSS Scores
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Attack Requirements: Present
  • Privileges Required: High
  • User Interaction: Passive

Impact | Vulnerable System | Subsequent System
Confidentiality | Low | High
Integrity | High | High
Availability | None | High
* Common Vulnerability Scoring System
SSVC
  • Decision: Track*
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Total
* Organization's Worst-case Scenario
Timeline
  • 2024-07-18 CVE Reserved
  • 2024-07-19 CVE Published
  • 2024-07-20 EPSS Updated
  • 2024-08-01 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-269: Improper Privilege Management
CAPEC
  • CAPEC-233: Privilege Escalation
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
YugabyteDB | Yuga | >= 2.14.0.0 <= 2.14.17.0 | en | Affected
YugabyteDB | Yuga | >= 2.16.0.0 <= 2.16.9.0 | en | Affected
YugabyteDB | Yuga | >= 2.18.0.0 < 2.18.7.0 | en | Affected
YugabyteDB | Yuga | >= 2.20.0.0 < 2.20.3.0 | en | Affected