{"id":"CVE-2023-6001","details":"Prometheus metrics are available without\nauthentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment.","modified":"2026-04-12T16:55:27.213979Z","published":"2023-11-08T00:15:07.620Z","references":[{"type":"WEB","url":"https://www.yugabyte.com/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/yugabyte/yugabyte-db","events":[{"introduced":"0b543e8ec9f16ae989ba29873e2d1d7977551b23"},{"fixed":"8bfaaf774a32922c96324d5968156d09208da671"}],"database_specific":{"versions":[{"introduced":"2.0.0"},{"fixed":"2.18.4.0"}]}}],"versions":["2.17.3.0-b25_FINAL","2.5.0.0","v1.0.0-beta-yugabyted-ui","v2.0.0","v2.0.1","v2.0.10","v2.0.11","v2.0.2","v2.0.3","v2.0.6","v2.0.7","v2.0.8","v2.0.9","v2.1.0","v2.1.1","v2.1.2","v2.1.3","v2.1.4","v2.1.5","v2.1.6","v2.18.1.0","v2.18.3.0","v2.3.0.0","v2.3.1.0","v2.3.2.0","v2.5.1","v2.5.2","v2.5.3"],"database_specific":{"vanir_signatures":[{"target":{"file":"src/yb/cdc/cdc_service.cc"},"source":"https://github.com/yugabyte/yugabyte-db/commit/8bfaaf774a32922c96324d5968156d09208da671","id":"CVE-2023-6001-41e6588c","signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["80827085154125303073372876340429335157","213301357116681556123837186518095310807","196997219635300103637923178792153875377","55967654614646224305252561849308183624","183894326481794510604765214811862144898","262157667761185376620894840623660040535","80160025408048667580624713464088339015","63726725965755184658985833465422142945","77896092210469062741735582797154865297"]},"signature_version":"v1"},{"target":{"file":"src/yb/cdc/cdc_service.cc","function":"CDCServiceImpl::GetTabletListToPollForCDC"},"source":"https://github.com/yugabyte/yugabyte-db/commit/8bfaaf774a32922c96324d5968156d09208da671","id":"CVE-2023-6001-4badd14a","signature_type":"Function","deprecated":false,"digest":{"length":4375,"function_hash":"277481499911620480664605875056415942396"},"signature_version":"v1"}],"vanir_signatures_modified":"2026-04-12T16:55:27Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6001.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}