Improper Authorization Affecting github.com/cockroachdb/cockroach/pkg/server package, versions <19.1
27 Nov 2019
19 Nov 2019
Introduced: 19 Nov 2019
CWE-285
How to fix?
Upgrade github.com/cockroachdb/cockroach/pkg/server to version 19.1 or higher.
github.com/cockroachdb/cockroach/pkg/server is an open source, cloud-native SQL database.
Affected versions of this package are vulnerable to Improper Authorization. An authenticated non-admin user can call any admin endpoint that is exposed over HTTP, even though those operations should be restricted to admins. This makes it possible for non-admin users to shut down a node or view SQL objects on which they have no permission.
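The flaw described above is an authentication check standing in for an authorization check: the endpoint confirms that the caller is logged in but never asks whether the caller is an admin. The following Go example is added here to illustrate that pattern and its fix; it is not CockroachDB's code. The user directory, the `X-User` identity header and the `/admin/shutdown` path are all hypothetical, constructed so the handlers can be exercised in-process with `httptest`.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed user directory standing in for a real authentication backend
// (hypothetical; not part of the advisory or the project). Value = isAdmin.
var users = map[string]bool{
	"root":  true,
	"alice": false,
}

// authenticatedUser extracts the caller identity from a hypothetical X-User
// header. A real server would derive it from a session cookie or token.
// Returns (name, ok) where ok is false for missing or unknown users.
func authenticatedUser(r *http.Request) (string, bool) {
	name := r.Header.Get("X-User")
	if name == "" {
		return "", false
	}
	_, known := users[name]
	return name, known
}

// vulnerableShutdown mirrors the advisory's flaw: only authentication is
// verified, so any logged-in user reaches an admin-only operation.
func vulnerableShutdown(w http.ResponseWriter, r *http.Request) {
	if _, ok := authenticatedUser(r); !ok {
		http.Error(w, "unauthenticated", http.StatusUnauthorized)
		return
	}
	w.WriteHeader(http.StatusOK)
	fmt.Fprint(w, "node shutting down")
}

// requireAdmin is middleware that adds the missing authorization step:
// 401 for unknown callers, 403 for known callers without the admin role.
func requireAdmin(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		name, ok := authenticatedUser(r)
		if !ok {
			http.Error(w, "unauthenticated", http.StatusUnauthorized)
			return
		}
		if !users[name] {
			http.Error(w, "admin privileges required", http.StatusForbidden)
			return
		}
		next(w, r)
	}
}

// adminOnlyShutdown is the hardened form: the same operation behind requireAdmin.
var adminOnlyShutdown = requireAdmin(func(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(http.StatusOK)
	fmt.Fprint(w, "node shutting down")
})

// callAs performs an in-process request to the hypothetical /admin/shutdown
// route as the named user ("" = anonymous) and returns the HTTP status code.
func callAs(h http.HandlerFunc, user string) int {
	req := httptest.NewRequest(http.MethodPost, "/admin/shutdown", nil)
	if user != "" {
		req.Header.Set("X-User", user)
	}
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

func main() {
	// Compare both handlers for an anonymous caller, a non-admin and an admin.
	for _, u := range []string{"", "alice", "root"} {
		fmt.Printf("user=%q vulnerable=%d hardened=%d\n", u,
			callAs(vulnerableShutdown, u), callAs(adminOnlyShutdown, u))
	}
}
```

The same `callAs` probe is a useful regression test for a server's admin surface: enumerate every admin route, call each as an authenticated non-admin, and assert on 403. A route that answers 200 is exactly the class of exposure this advisory describes.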