CVE-2024-6895 - Yugabyte Platform Authentication Bypass Vulnerability
CVE ID : CVE-2024-6895 Published : July 19, 2024, 3:15 p.m. | 44 minutes ago Description : Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-6895
Published : July 19, 2024, 3:15 p.m. | 44 minutes ago
Description : Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : July 19, 2024, 3:15 p.m. | 44 minutes ago
Description : Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
