CVE-2023-33972

Name of the Vulnerable Software and Affected Versions Scylladb (affected versions not specified)

Description The issue is related to errors in privilege management in the NoSQL database management system Scylladb. Exploitation of this issue may allow a remote attacker to escalate their privileges. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table.

Recommendations As a temporary workaround, consider disabling CREATE privileges on a keyspace, and create new tables on behalf of other users. At the moment, there is no information about a newer version that contains a fix for this vulnerability.