Search criteria
10 vulnerabilities found for vitess by linuxfoundation
CVE-2026-27969 (GCVE-0-2026-27969)
Vulnerability from nvd – Published: 2026-02-26 01:52 – Updated: 2026-02-26 19:33
VLAI?
Title
Vitess users with backup storage access can write to arbitrary file paths on restore
Summary
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are written to any accessible location on restore. This is a common path traversal security issue. This can be used to provide that attacker with unintended/unauthorized access to the production deployment environment — allowing them to access information available in that environment as well as run any additional arbitrary commands there. Versions 23.0.3 and 22.0.4 contain a patch. No known workarounds are available.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T19:33:42.759773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:33:53.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vitess",
"vendor": "vitessio",
"versions": [
{
"status": "affected",
"version": "\u003c 22.0.4"
},
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c 23.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest \u2014 which may be files that they have also added to the manifest and backup contents \u2014\u00a0are written to any accessible location on restore. This is a common path traversal security issue. This can be used to provide that attacker with unintended/unauthorized access to the production deployment environment \u2014 allowing them to access information available in that environment as well as run any additional arbitrary commands there. Versions 23.0.3 and 22.0.4 contain a patch. No known workarounds are available."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:L/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T01:52:30.677Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-r492-hjgh-c9gw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-r492-hjgh-c9gw"
},
{
"name": "https://github.com/vitessio/vitess/pull/19470",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/pull/19470"
},
{
"name": "https://github.com/vitessio/vitess/commit/c565cab615bc962bda061dcd645aa7506c59ca4a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commit/c565cab615bc962bda061dcd645aa7506c59ca4a"
}
],
"source": {
"advisory": "GHSA-r492-hjgh-c9gw",
"discovery": "UNKNOWN"
},
"title": "Vitess users with backup storage access can write to arbitrary file paths on restore"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27969",
"datePublished": "2026-02-26T01:52:30.677Z",
"dateReserved": "2026-02-25T03:24:57.793Z",
"dateUpdated": "2026-02-26T19:33:53.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27965 (GCVE-0-2026-27965)
Vulnerability from nvd – Published: 2026-02-26 01:49 – Updated: 2026-02-26 19:32
VLAI?
Title
Vitess users with backup storage access can gain unauthorized access to production deployment environments
Summary
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored. This can be used to provide that attacker with unintended/unauthorized access to the production deployment environment — allowing them to access information available in that environment as well as run any additional arbitrary commands there. Versions 23.0.3 and 22.0.4 contain a patch. Some workarounds are available. Those who intended to use an external decompressor then can always specify that decompressor command in the `--external-decompressor` flag value for `vttablet` and `vtbackup`. That then overrides any value specified in the manifest file. Those who did not intend to use an external decompressor, nor an internal one, can specify a value such as `cat` or `tee` in the `--external-decompressor` flag value for `vttablet` and `vtbackup` to ensure that a harmless command is always used.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27965",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T19:32:38.363771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:32:59.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vitess",
"vendor": "vitessio",
"versions": [
{
"status": "affected",
"version": "\u003c 22.0.4"
},
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c 23.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored. This can be used to provide that attacker with unintended/unauthorized access to the production deployment environment \u2014 allowing them to access information available in that environment as well as run any additional arbitrary commands there. Versions 23.0.3 and 22.0.4 contain a patch. Some workarounds are available. Those who intended to use an external decompressor then can always specify that decompressor command in the `--external-decompressor` flag value for `vttablet` and `vtbackup`. That then overrides any value specified in the manifest file. Those who did not intend to use an external decompressor, nor an internal one, can specify a value such as `cat` or `tee` in the `--external-decompressor` flag value for `vttablet` and `vtbackup` to ensure that a harmless command is always used."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T01:49:10.071Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-8g8j-r87h-p36x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-8g8j-r87h-p36x"
},
{
"name": "https://github.com/vitessio/vitess/issues/19459",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/issues/19459"
},
{
"name": "https://github.com/vitessio/vitess/pull/19460",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/pull/19460"
},
{
"name": "https://github.com/vitessio/vitess/commit/4c0173293907af9cb942a6683c465c3f1e9fdb5c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commit/4c0173293907af9cb942a6683c465c3f1e9fdb5c"
}
],
"source": {
"advisory": "GHSA-8g8j-r87h-p36x",
"discovery": "UNKNOWN"
},
"title": "Vitess users with backup storage access can gain unauthorized access to production deployment environments"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27965",
"datePublished": "2026-02-26T01:49:10.071Z",
"dateReserved": "2026-02-25T03:24:57.793Z",
"dateUpdated": "2026-02-26T19:32:59.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-29195 (GCVE-0-2023-29195)
Vulnerability from nvd – Published: 2023-05-11 19:07 – Updated: 2025-01-24 21:28
VLAI?
Title
Vitess VTAdmin users that can create shards can deny access to other functions
Summary
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server.
Severity ?
4.1 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w"
},
{
"name": "https://github.com/vitessio/vitess/issues/12842",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/issues/12842"
},
{
"name": "https://github.com/vitessio/vitess/pull/12843",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/pull/12843"
},
{
"name": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920"
},
{
"name": "https://github.com/vitessio/vitess/releases/tag/v16.0.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/releases/tag/v16.0.2"
},
{
"name": "https://pkg.go.dev/vitess.io/vitess@v0.16.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pkg.go.dev/vitess.io/vitess@v0.16.2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T21:28:35.583348Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T21:28:41.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vitess",
"vendor": "vitessio",
"versions": [
{
"status": "affected",
"version": "\u003c 16.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-11T19:07:39.530Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w"
},
{
"name": "https://github.com/vitessio/vitess/issues/12842",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/issues/12842"
},
{
"name": "https://github.com/vitessio/vitess/pull/12843",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/pull/12843"
},
{
"name": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920"
},
{
"name": "https://github.com/vitessio/vitess/releases/tag/v16.0.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/releases/tag/v16.0.2"
},
{
"name": "https://pkg.go.dev/vitess.io/vitess@v0.16.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://pkg.go.dev/vitess.io/vitess@v0.16.2"
}
],
"source": {
"advisory": "GHSA-pqj7-jx24-wj7w",
"discovery": "UNKNOWN"
},
"title": "Vitess VTAdmin users that can create shards can deny access to other functions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29195",
"datePublished": "2023-05-11T19:07:39.530Z",
"dateReserved": "2023-04-03T13:37:18.453Z",
"dateUpdated": "2025-01-24T21:28:41.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29194 (GCVE-0-2023-29194)
Vulnerability from nvd – Published: 2023-04-14 18:42 – Updated: 2025-02-06 18:43
VLAI?
Title
vitess allows users to create keyspaces that can deny access to already existing keyspaces
Summary
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. As a workaround, delete the offending keyspace using a CLI client (vtctldclient).
Severity ?
4.1 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f"
},
{
"name": "https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88"
},
{
"name": "https://github.com/vitessio/vitess/commits/v0.16.1/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/commits/v0.16.1/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T18:43:44.701887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T18:43:49.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vitess",
"vendor": "vitessio",
"versions": [
{
"status": "affected",
"version": "\u003c 0.16.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. As a workaround, delete the offending keyspace using a CLI client (vtctldclient)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-14T18:42:54.461Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f"
},
{
"name": "https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88"
},
{
"name": "https://github.com/vitessio/vitess/commits/v0.16.1/",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commits/v0.16.1/"
}
],
"source": {
"advisory": "GHSA-735r-hv67-g38f",
"discovery": "UNKNOWN"
},
"title": "vitess allows users to create keyspaces that can deny access to already existing keyspaces"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29194",
"datePublished": "2023-04-14T18:42:54.461Z",
"dateReserved": "2023-04-03T13:37:18.453Z",
"dateUpdated": "2025-02-06T18:43:49.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-27969 (GCVE-0-2026-27969)
Vulnerability from cvelistv5 – Published: 2026-02-26 01:52 – Updated: 2026-02-26 19:33
VLAI?
Title
Vitess users with backup storage access can write to arbitrary file paths on restore
Summary
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are written to any accessible location on restore. This is a common path traversal security issue. This can be used to provide that attacker with unintended/unauthorized access to the production deployment environment — allowing them to access information available in that environment as well as run any additional arbitrary commands there. Versions 23.0.3 and 22.0.4 contain a patch. No known workarounds are available.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T19:33:42.759773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:33:53.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vitess",
"vendor": "vitessio",
"versions": [
{
"status": "affected",
"version": "\u003c 22.0.4"
},
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c 23.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest \u2014 which may be files that they have also added to the manifest and backup contents \u2014\u00a0are written to any accessible location on restore. This is a common path traversal security issue. This can be used to provide that attacker with unintended/unauthorized access to the production deployment environment \u2014 allowing them to access information available in that environment as well as run any additional arbitrary commands there. Versions 23.0.3 and 22.0.4 contain a patch. No known workarounds are available."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:L/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T01:52:30.677Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-r492-hjgh-c9gw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-r492-hjgh-c9gw"
},
{
"name": "https://github.com/vitessio/vitess/pull/19470",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/pull/19470"
},
{
"name": "https://github.com/vitessio/vitess/commit/c565cab615bc962bda061dcd645aa7506c59ca4a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commit/c565cab615bc962bda061dcd645aa7506c59ca4a"
}
],
"source": {
"advisory": "GHSA-r492-hjgh-c9gw",
"discovery": "UNKNOWN"
},
"title": "Vitess users with backup storage access can write to arbitrary file paths on restore"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27969",
"datePublished": "2026-02-26T01:52:30.677Z",
"dateReserved": "2026-02-25T03:24:57.793Z",
"dateUpdated": "2026-02-26T19:33:53.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27965 (GCVE-0-2026-27965)
Vulnerability from cvelistv5 – Published: 2026-02-26 01:49 – Updated: 2026-02-26 19:32
VLAI?
Title
Vitess users with backup storage access can gain unauthorized access to production deployment environments
Summary
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored. This can be used to provide that attacker with unintended/unauthorized access to the production deployment environment — allowing them to access information available in that environment as well as run any additional arbitrary commands there. Versions 23.0.3 and 22.0.4 contain a patch. Some workarounds are available. Those who intended to use an external decompressor then can always specify that decompressor command in the `--external-decompressor` flag value for `vttablet` and `vtbackup`. That then overrides any value specified in the manifest file. Those who did not intend to use an external decompressor, nor an internal one, can specify a value such as `cat` or `tee` in the `--external-decompressor` flag value for `vttablet` and `vtbackup` to ensure that a harmless command is always used.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27965",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T19:32:38.363771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:32:59.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vitess",
"vendor": "vitessio",
"versions": [
{
"status": "affected",
"version": "\u003c 22.0.4"
},
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c 23.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored. This can be used to provide that attacker with unintended/unauthorized access to the production deployment environment \u2014 allowing them to access information available in that environment as well as run any additional arbitrary commands there. Versions 23.0.3 and 22.0.4 contain a patch. Some workarounds are available. Those who intended to use an external decompressor then can always specify that decompressor command in the `--external-decompressor` flag value for `vttablet` and `vtbackup`. That then overrides any value specified in the manifest file. Those who did not intend to use an external decompressor, nor an internal one, can specify a value such as `cat` or `tee` in the `--external-decompressor` flag value for `vttablet` and `vtbackup` to ensure that a harmless command is always used."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T01:49:10.071Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-8g8j-r87h-p36x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-8g8j-r87h-p36x"
},
{
"name": "https://github.com/vitessio/vitess/issues/19459",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/issues/19459"
},
{
"name": "https://github.com/vitessio/vitess/pull/19460",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/pull/19460"
},
{
"name": "https://github.com/vitessio/vitess/commit/4c0173293907af9cb942a6683c465c3f1e9fdb5c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commit/4c0173293907af9cb942a6683c465c3f1e9fdb5c"
}
],
"source": {
"advisory": "GHSA-8g8j-r87h-p36x",
"discovery": "UNKNOWN"
},
"title": "Vitess users with backup storage access can gain unauthorized access to production deployment environments"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27965",
"datePublished": "2026-02-26T01:49:10.071Z",
"dateReserved": "2026-02-25T03:24:57.793Z",
"dateUpdated": "2026-02-26T19:32:59.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-29195 (GCVE-0-2023-29195)
Vulnerability from cvelistv5 – Published: 2023-05-11 19:07 – Updated: 2025-01-24 21:28
VLAI?
Title
Vitess VTAdmin users that can create shards can deny access to other functions
Summary
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server.
Severity ?
4.1 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w"
},
{
"name": "https://github.com/vitessio/vitess/issues/12842",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/issues/12842"
},
{
"name": "https://github.com/vitessio/vitess/pull/12843",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/pull/12843"
},
{
"name": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920"
},
{
"name": "https://github.com/vitessio/vitess/releases/tag/v16.0.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/releases/tag/v16.0.2"
},
{
"name": "https://pkg.go.dev/vitess.io/vitess@v0.16.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pkg.go.dev/vitess.io/vitess@v0.16.2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T21:28:35.583348Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T21:28:41.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vitess",
"vendor": "vitessio",
"versions": [
{
"status": "affected",
"version": "\u003c 16.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-11T19:07:39.530Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w"
},
{
"name": "https://github.com/vitessio/vitess/issues/12842",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/issues/12842"
},
{
"name": "https://github.com/vitessio/vitess/pull/12843",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/pull/12843"
},
{
"name": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920"
},
{
"name": "https://github.com/vitessio/vitess/releases/tag/v16.0.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/releases/tag/v16.0.2"
},
{
"name": "https://pkg.go.dev/vitess.io/vitess@v0.16.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://pkg.go.dev/vitess.io/vitess@v0.16.2"
}
],
"source": {
"advisory": "GHSA-pqj7-jx24-wj7w",
"discovery": "UNKNOWN"
},
"title": "Vitess VTAdmin users that can create shards can deny access to other functions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29195",
"datePublished": "2023-05-11T19:07:39.530Z",
"dateReserved": "2023-04-03T13:37:18.453Z",
"dateUpdated": "2025-01-24T21:28:41.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29194 (GCVE-0-2023-29194)
Vulnerability from cvelistv5 – Published: 2023-04-14 18:42 – Updated: 2025-02-06 18:43
VLAI?
Title
vitess allows users to create keyspaces that can deny access to already existing keyspaces
Summary
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. As a workaround, delete the offending keyspace using a CLI client (vtctldclient).
Severity ?
4.1 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f"
},
{
"name": "https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88"
},
{
"name": "https://github.com/vitessio/vitess/commits/v0.16.1/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitessio/vitess/commits/v0.16.1/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T18:43:44.701887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T18:43:49.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vitess",
"vendor": "vitessio",
"versions": [
{
"status": "affected",
"version": "\u003c 0.16.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. As a workaround, delete the offending keyspace using a CLI client (vtctldclient)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-14T18:42:54.461Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f"
},
{
"name": "https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88"
},
{
"name": "https://github.com/vitessio/vitess/commits/v0.16.1/",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitessio/vitess/commits/v0.16.1/"
}
],
"source": {
"advisory": "GHSA-735r-hv67-g38f",
"discovery": "UNKNOWN"
},
"title": "vitess allows users to create keyspaces that can deny access to already existing keyspaces"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29194",
"datePublished": "2023-04-14T18:42:54.461Z",
"dateReserved": "2023-04-03T13:37:18.453Z",
"dateUpdated": "2025-02-06T18:43:49.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2023-29195
Vulnerability from fkie_nvd - Published: 2023-05-11 20:15 - Updated: 2024-11-21 07:56
Severity ?
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | vitess | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:vitess:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DA4AFFF-C602-4288-9D50-AE0D4AEF1E97",
"versionEndExcluding": "16.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server."
}
],
"id": "CVE-2023-29195",
"lastModified": "2024-11-21T07:56:41.580",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-11T20:15:09.403",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
],
"url": "https://github.com/vitessio/vitess/issues/12842"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/vitessio/vitess/pull/12843"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/vitessio/vitess/releases/tag/v16.0.2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://pkg.go.dev/vitess.io/vitess@v0.16.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
],
"url": "https://github.com/vitessio/vitess/issues/12842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/vitessio/vitess/pull/12843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/vitessio/vitess/releases/tag/v16.0.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://pkg.go.dev/vitess.io/vitess@v0.16.2"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-703"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-29194
Vulnerability from fkie_nvd - Published: 2023-04-14 19:15 - Updated: 2024-11-21 07:56
Severity ?
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Summary
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. As a workaround, delete the offending keyspace using a CLI client (vtctldclient).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | vitess | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:vitess:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D98CFEE-5298-48D6-8FAE-ED4E137D1741",
"versionEndExcluding": "16.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. As a workaround, delete the offending keyspace using a CLI client (vtctldclient)."
}
],
"id": "CVE-2023-29194",
"lastModified": "2024-11-21T07:56:41.457",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-14T19:15:09.273",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/vitessio/vitess/commits/v0.16.1/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/vitessio/vitess/commits/v0.16.1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-703"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}