Vulnerabilities > Yugabyte > Yugabytedb > 2.6.1

DATE CVE VULNERABILITY TITLE RISK
2023-11-08 CVE-2023-6001 Missing Authorization vulnerability in Yugabyte Yugabytedb
Prometheus metrics are available without authentication.
network
low complexity
yugabyte CWE-862
7.5
2023-08-30 CVE-2023-4640 Unspecified vulnerability in Yugabyte Yugabytedb
The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated.
network
low complexity
yugabyte
7.5
2022-08-12 CVE-2022-37397 Improper Authentication vulnerability in Yugabyte Yugabytedb 2.6.1
An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory.
network
low complexity
yugabyte CWE-287
critical
9.8