Neurowinter

**Name of the Vulnerable Software and Affected Versions** Vitess versions prior to 23.0.3 Vitess versions prior to 22.0.4 **Description** Vitess is a database clustering system for horizontal scaling of MySQL. A flaw exists where someone with read/write access to the backup storage location can manipulate backup manifest files, leading to arbitrary code execution when the backup is restored. This could grant an attacker unintended access to the production deployment environment, allowing them to access information and execute arbitrary commands. **Recommendations** Update to Vitess version 23.0.3 or later. Update to Vitess version 22.0.4 or later. If using an external decompressor, specify the decompressor command using the `--external-decompressor` flag for `vttablet` and `vtbackup`. If not using an external or internal decompressor, specify a harmless command such as `cat` or `tee` in the `--external-decompressor` flag value for `vttablet` and `vtbackup`.

**Name of the Vulnerable Software and Affected Versions** Vitess versions prior to 23.0.3 and versions prior to 22.0.4 **Description** Vitess, a database clustering system for horizontal scaling of MySQL, contains a path traversal issue in the `builtinbackupengine` component during the backup restoration process. An attacker with read/write access to the backup storage location (such as an S3 bucket) can manipulate backup manifest files. This manipulation allows them to write files to arbitrary locations during a restore operation, potentially gaining unintended or unauthorized access to the production deployment environment. This access could allow the attacker to access sensitive information and execute arbitrary commands. The vulnerability arises from improper validation of file paths within the backup manifest. **Recommendations** Versions prior to 23.0.3 should be updated to version 23.0.3 or later. Versions prior to 22.0.4 should be updated to version 22.0.4 or later.