An information disclosure vulnerability exists in YugabyteDB Anywhere: the LDAP bind password is written in plaintext to the application logs. As a result, anyone with access to these logs, including users who are not authorized to hold the credential, can read the LDAP bind password. An attacker with log access could use it to gain unauthorized access to the LDAP server, leading to potential exposure or compromise of LDAP-managed resources. This issue affects YugabyteDB Anywhere: from 2.20.0.0 before 2.20.7.0, from 2.23.0.0 before 2.23.1.0, from 2024.1.0.0 before 2024.1.3.0. Upgrading to a fixed release does not remove copies of the password already written to existing logs, so the bind password should be rotated and retained, shipped or archived logs reviewed.
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-11193.json"
[
{
"source": "https://github.com/yugabyte/yugabyte-db/commit/6acbaf1283d6ce33f0f401725814c8930d3f8a3f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"69179067894327887912844943950513610569",
"62632090007202468744299428039733670264",
"314606144803636029966044588341940063793",
"97341136238648283649026300297949680293",
"266944137342694237301420719683804269017",
"142297340080821180874701275917071130179",
"112507651040781896521797591805218505136",
"102178576102451292256067002058568799021"
]
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "src/yb/integration-tests/cdcsdk_ysql_test_base.cc"
},
"signature_version": "v1",
"id": "CVE-2024-11193-1c5c4c77"
},
{
"source": "https://github.com/yugabyte/yugabyte-db/commit/6acbaf1283d6ce33f0f401725814c8930d3f8a3f",
"digest": {
"length": 886.0,
"function_hash": "61304604467114724231489717524990766445"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "CDCSDKYsqlTest::WaitForPostApplyMetadataWritten",
"file": "src/yb/integration-tests/cdcsdk_ysql_test_base.cc"
},
"signature_version": "v1",
"id": "CVE-2024-11193-1d2791ba"
},
{
"source": "https://github.com/yugabyte/yugabyte-db/commit/0bf6e5a3e9c0718a28e654483596615d0798b208",
"digest": {
"threshold": 0.9,
"line_hashes": [
"258051176077092984177624323185447576244",
"119310126238447863798384713511171040445",
"262612273755265148536976821337923310984",
"303966987272173815518912415354934827579",
"54163156721395769076409203877653365101",
"223394532612128276580297528371209018647",
"296336364169954591320225682271665464953",
"166263114759499904924785981269781895124",
"200449559046736167203637547311126096024",
"165934095584649135602937732010436063891",
"147046368941144848167940558156707149873",
"313329457609278926313772400673066688571",
"309374154395419930690308505644046801422",
"95490881050295520394107270910005172594",
"142104926047364300929721960270629008307",
"24606287244529934180197797285547863855",
"16723647938349894743307754604561356211",
"101554055020545987436920178005987202151",
"3778979589353758441341114652063348229",
"29150308836929900262409760752812835884"
]
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "managed/src/main/java/com/yugabyte/yw/commissioner/TaskExecutor.java"
},
"signature_version": "v1",
"id": "CVE-2024-11193-2ad0b073"
},
{
"source": "https://github.com/yugabyte/yugabyte-db/commit/6acbaf1283d6ce33f0f401725814c8930d3f8a3f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"118191393160726067434713943001141879471",
"46171788352154076957205854285512365245",
"312608642798048294930796893405647436073",
"217624878082735707317385964167046162870"
]
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "src/yb/tablet/transaction_participant.cc"
},
"signature_version": "v1",
"id": "CVE-2024-11193-9a991ed0"
},
{
"source": "https://github.com/yugabyte/yugabyte-db/commit/0bf6e5a3e9c0718a28e654483596615d0798b208",
"digest": {
"length": 1163.0,
"function_hash": "27409121137376851702011446624263325891"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "updateTaskDetailsOnError",
"file": "managed/src/main/java/com/yugabyte/yw/commissioner/TaskExecutor.java"
},
"signature_version": "v1",
"id": "CVE-2024-11193-9dc1b330"
},
{
"source": "https://github.com/yugabyte/yugabyte-db/commit/0bf6e5a3e9c0718a28e654483596615d0798b208",
"digest": {
"threshold": 0.9,
"line_hashes": [
"279665987048080382511824551281794547992",
"39964002010194503240762068851972738700",
"158298274865329077984309212075577480025",
"52461539356800698058946441856684878276"
]
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "managed/src/main/java/com/yugabyte/yw/common/RedactingService.java"
},
"signature_version": "v1",
"id": "CVE-2024-11193-d7e161a3"
},
{
"source": "https://github.com/yugabyte/yugabyte-db/commit/0bf6e5a3e9c0718a28e654483596615d0798b208",
"digest": {
"length": 454.0,
"function_hash": "228159639854607462434758846199612875452"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "run",
"file": "managed/src/main/java/com/yugabyte/yw/commissioner/TaskExecutor.java"
},
"signature_version": "v1",
"id": "CVE-2024-11193-dad6cee2"
},
{
"source": "https://github.com/yugabyte/yugabyte-db/commit/0bf6e5a3e9c0718a28e654483596615d0798b208",
"digest": {
"threshold": 0.9,
"line_hashes": [
"24730695994896883167426217894826343487",
"113038618170327957152140467468618592427",
"125956716752453499460331008929806329691",
"76028456020034666355877952200984818793",
"212249472292671301518670445809671806558",
"100970112932659755746563529814012769222",
"78936586700403455476362069130607805744",
"43175155816525472624817479103514821574",
"194352263970415625470211085206611236737",
"54609275186252866769776133220632158973",
"253025974862721525119376474148022759921",
"33134031676010660090269065050105187316",
"123769174991174709258999924561358139583",
"310562877125030624325086718374377557543",
"38180498144156187419814430987832396906",
"82167945501398963747001392722612255611",
"142970355729560626425924553783233160163",
"3848980564395418392998567682372654361",
"294904113778130604530165734649812341118",
"179011047418663400288196977244498251834",
"61728896726402318687446022999804130790",
"271582108944149040576257177982346409260"
]
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "managed/src/main/java/com/yugabyte/yw/commissioner/tasks/upgrade/GFlagsUpgrade.java"
},
"signature_version": "v1",
"id": "CVE-2024-11193-e6907f61"
},
{
"source": "https://github.com/yugabyte/yugabyte-db/commit/6acbaf1283d6ce33f0f401725814c8930d3f8a3f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"127408575875813910990999087701724863600",
"243449743797406210735496558378245324576",
"203259259799840998722605634777905663733",
"112809946461783654759815586232372389921"
]
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "src/yb/tablet/tablet_bootstrap.cc"
},
"signature_version": "v1",
"id": "CVE-2024-11193-f2ccf6ad"
},
{
"source": "https://github.com/yugabyte/yugabyte-db/commit/0bf6e5a3e9c0718a28e654483596615d0798b208",
"digest": {
"length": 1766.0,
"function_hash": "153100767572425463742379920104299310275"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "calculateNodesToBeRestarted",
"file": "managed/src/main/java/com/yugabyte/yw/commissioner/tasks/upgrade/GFlagsUpgrade.java"
},
"signature_version": "v1",
"id": "CVE-2024-11193-fb23f97d"
}
]