CVE-2023-0745

Name of the Vulnerable Software and Affected Versions YugabyteDB Anywhere versions 2.0.0.0 through 2.13.0.0

Description The High Availability functionality of Yugabyte Anywhere can be exploited to write arbitrary files through the backup upload endpoint by using path traversal characters. This issue is associated with the PlatformReplicationManager.Java program file.

Recommendations For versions 2.0.0.0 through 2.13.0.0, consider disabling the backup upload endpoint as a temporary workaround until a patch is available. Restrict access to the PlatformReplicationManager.Java file to minimize the risk of exploitation. Avoid using path traversal characters in the backup upload endpoint until the issue is resolved.