Vulnerabilities > Yugabyte > Yugabytedb > 2.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-08 | CVE-2023-6001 | Missing Authorization vulnerability in Yugabyte Yugabytedb Prometheus metrics are available without authentication. | 7.5 |
| 2023-08-30 | CVE-2023-4640 | Unspecified vulnerability in Yugabyte Yugabytedb The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. | 7.5 |
| 2022-08-12 | CVE-2022-37397 | Improper Authentication vulnerability in Yugabyte Yugabytedb 2.6.1 An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. | 9.8 |