Vulnerabilities > Yugabyte > Yugabytedb > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-08 CVE-2023-6001 Missing Authorization vulnerability in Yugabyte Yugabytedb
Prometheus metrics are available without authentication.
network
low complexity
yugabyte CWE-862
7.5
7.5
2023-08-30 CVE-2023-4640 Unspecified vulnerability in Yugabyte Yugabytedb
The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated.
network
low complexity
yugabyte
7.5
7.5