PT-2024-40900 · Crateio · Cratedb

Published: 2024-01-30 · Updated: 2024-01-30

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: CrateDB version 5.5.1

Description: The issue is an authentication bypass in the Admin UI component. It can be exploited by setting the X-Real-IP request header to a specific value, which grants access to the Admin UI under the default user identity and thereby bypasses authentication.

Recommendations: For CrateDB version 5.5.1, as a temporary workaround, restrict direct access to the Admin UI until a patch is available. Avoid using the default user identity in the Admin UI to reduce the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
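One way to apply the "restrict direct access" workaround, shown here as an added example that is not part of the advisory and not configuration shipped by the CrateDB project: put a reverse proxy in front of the Admin UI, allow only an administrative network to reach it, and have the proxy overwrite X-Real-IP with the real peer address so a value supplied by the client is never forwarded. The listen port, the upstream address 127.0.0.1:4200 and the admin subnet 10.0.0.0/24 are assumptions chosen for the example.

```nginx
# Added example (nginx), not from the advisory or CrateDB.
# Assumes CrateDB's HTTP endpoint listens only on 127.0.0.1:4200 and is
# not reachable from other hosts except through this proxy.

upstream cratedb_admin {
    server 127.0.0.1:4200;          # assumed upstream address
}

server {
    listen 443 ssl;
    server_name cratedb-admin.example.internal;   # placeholder name

    ssl_certificate     /etc/nginx/tls/admin.crt; # placeholder paths
    ssl_certificate_key /etc/nginx/tls/admin.key;

    # Only the administrative network may reach the Admin UI at all.
    allow 10.0.0.0/24;              # constructed admin subnet
    deny  all;

    location / {
        proxy_pass http://cratedb_admin;

        # proxy_set_header REPLACES the named header: whatever X-Real-IP
        # the client sent is discarded and the TCP peer address is sent
        # instead, so the client cannot choose the value CrateDB sees.
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host            $host;
    }
}
```

Two checks matter when deploying this: confirm from another host that port 4200 is not directly reachable (a firewall or a loopback-only bind), since the proxy offers no protection if the CrateDB port itself is exposed; and verify with a request that carries a client-chosen X-Real-IP header that the upstream only ever observes the proxy's own peer address.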

Related Identifiers

PYSEC-2024-27

Affected Products

Cratedb