CVE-2023-51982

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI directly using the default user identity.(https://github.com/crate/crate/issues/15231)
References
Link Resource
https://github.com/crate/crate/issues/15231 Exploit Issue Tracking
https://github.com/crate/crate/issues/15231 Exploit Issue Tracking
Configurations

Configuration 1 (hide)

cpe:2.3:a:cratedb:cratedb:5.5.1:*:*:*:*:*:*:*

History

21 Nov 2024, 08:39

Type Values Removed Values Added
References () https://github.com/crate/crate/issues/15231 - Exploit, Issue Tracking () https://github.com/crate/crate/issues/15231 - Exploit, Issue Tracking

06 Feb 2024, 18:30

Type Values Removed Values Added
References () https://github.com/crate/crate/issues/15231 - () https://github.com/crate/crate/issues/15231 - Exploit, Issue Tracking
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-287
First Time Cratedb
Cratedb cratedb
CPE cpe:2.3:a:cratedb:cratedb:5.5.1:*:*:*:*:*:*:*

30 Jan 2024, 14:18

Type Values Removed Values Added
Summary
  • (es) CrateDB 5.5.1 contiene una vulnerabilidad de omisión de autenticación en el componente de la interfaz de usuario de administración. Después de configurar la autenticación de contraseña y_ Local_ En el caso de una dirección, la autenticación de identidad se puede omitir configurando el encabezado de solicitud de IP de X-Real en un valor específico y accediendo a la interfaz de usuario del administrador directamente utilizando la identidad de usuario predeterminada. (https://github. es/crate/crate/issues/15231)

30 Jan 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-30 01:15

Updated : 2025-05-29 15:15


NVD link : CVE-2023-51982

Mitre link : CVE-2023-51982

CVE.ORG link : CVE-2023-51982


JSON object : View

Products Affected

cratedb

  • cratedb
CWE
CWE-287

Improper Authentication