CVE-2023-0574

Name of the Vulnerable Software and Affected Versions Yugabyte Managed versions 2.0.0.0 through 2.13.0.0

Description The issue affects Yugabyte Managed, allowing accessing functionality not properly constrained by ACLs, communication channel manipulation, and authentication abuse due to Server-Side Request Forgery (SSRF), improperly controlled modification of dynamically-determined object attributes, and improper restriction of excessive authentication attempts.

Recommendations For versions 2.0.0.0 through 2.13.0.0, as a temporary workaround, consider restricting access to sensitive functionality and limiting authentication attempts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.