{"id":"CVE-2024-11193","details":"An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access to these logs to view the LDAP bind password. An attacker with log access could exploit this vulnerability to gain unauthorized access to the LDAP server, leading to potential exposure or compromise of LDAP-managed resources\nThis issue affects YugabyteDB Anywhere: from 2.20.0.0 before 2.20.7.0, from 2.23.0.0 before 2.23.1.0, from 2024.1.0.0 before 2024.1.3.0.","modified":"2026-04-12T10:20:14.787251Z","published":"2024-11-13T21:15:08.730Z","references":[{"type":"FIX","url":"https://github.com/yugabyte/yugabyte-db/commit/0bf6e5a3e9c0718a28e654483596615d0798b208"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/yugabyte/yugabyte-db","events":[{"introduced":"0026607ed49516b4d5770f5479dd5d60d44710af"},{"fixed":"4d24bbc5f6bafc60c761c108c9f2612e1f01c3b1"},{"introduced":"a31a4eba31527467192adc816e771ac09c28bb1a"},{"fixed":"6acbaf1283d6ce33f0f401725814c8930d3f8a3f"},{"introduced":"03545b054cb8f3ab09e15f46bc26373fa6cca053"},{"fixed":"0b04fe41caf79c06cfce56cd80731e072853fe3b"},{"fixed":"0bf6e5a3e9c0718a28e654483596615d0798b208"}],"database_specific":{"source":["DESCRIPTION","REFERENCES"],"extracted_events":[{"introduced":"2.20.0.0"},{"fixed":"2.20.7.0"},{"introduced":"2.23.0.0"},{"fixed":"2.23.1.0"},{"introduced":"2024.1.0.0"},{"fixed":"2024.1.3.0"}]}}],"database_specific":{"vanir_signatures":[{"target":{"file":"src/yb/integration-tests/cdcsdk_ysql_test_base.cc"},"id":"CVE-2024-11193-1c5c4c77","signature_type":"Line","source":"https://github.com/yugabyte/yugabyte-db/commit/6acbaf1283d6ce33f0f401725814c8930d3f8a3f","digest":{"threshold":0.9},"signature_version":"v1","deprecated":false},{"target":{"function":"CDCSDKYsqlTest::WaitForPostApplyMetadataWritten","file":"src/yb/integration-tests/cdcsdk_ysql_test_base.cc"},"id":"CVE-2024-11193-1d2791ba","signature_type":"Function","source":"https://github.com/yugabyte/yugabyte-db/commit/6acbaf1283d6ce33f0f401725814c8930d3f8a3f","digest":{"length":886,"function_hash":"61304604467114724231489717524990766445"},"signature_version":"v1","deprecated":false},{"target":{"file":"managed/src/main/java/com/yugabyte/yw/commissioner/TaskExecutor.java"},"id":"CVE-2024-11193-2ad0b073","signature_type":"Line","source":"https://github.com/yugabyte/yugabyte-db/commit/0bf6e5a3e9c0718a28e654483596615d0798b208","digest":{"threshold":0.9},"signature_version":"v1","deprecated":false},{"target":{"file":"src/yb/tablet/transaction_participant.cc"},"id":"CVE-2024-11193-9a991ed0","signature_type":"Line","source":"https://github.com/yugabyte/yugabyte-db/commit/6acbaf1283d6ce33f0f401725814c8930d3f8a3f","digest":{"threshold":0.9},"signature_version":"v1","deprecated":false},{"target":{"function":"updateTaskDetailsOnError","file":"managed/src/main/java/com/yugabyte/yw/commissioner/TaskExecutor.java"},"id":"CVE-2024-11193-9dc1b330","signature_type":"Function","source":"https://github.com/yugabyte/yugabyte-db/commit/0bf6e5a3e9c0718a28e654483596615d0798b208","digest":{"length":1163,"function_hash":"27409121137376851702011446624263325891"},"signature_version":"v1","deprecated":false},{"target":{"file":"managed/src/main/java/com/yugabyte/yw/common/RedactingService.java"},"id":"CVE-2024-11193-d7e161a3","signature_type":"Line","source":"https://github.com/yugabyte/yugabyte-db/commit/0bf6e5a3e9c0718a28e654483596615d0798b208","digest":{"threshold":0.9},"signature_version":"v1","deprecated":false},{"target":{"function":"run","file":"managed/src/main/java/com/yugabyte/yw/commissioner/TaskExecutor.java"},"id":"CVE-2024-11193-dad6cee2","signature_type":"Function","source":"https://github.com/yugabyte/yugabyte-db/commit/0bf6e5a3e9c0718a28e654483596615d0798b208","digest":{"length":454,"function_hash":"228159639854607462434758846199612875452"},"signature_version":"v1","deprecated":false},{"target":{"file":"managed/src/main/java/com/yugabyte/yw/commissioner/tasks/upgrade/GFlagsUpgrade.java"},"id":"CVE-2024-11193-e6907f61","signature_type":"Line","source":"https://github.com/yugabyte/yugabyte-db/commit/0bf6e5a3e9c0718a28e654483596615d0798b208","digest":{"threshold":0.9},"signature_version":"v1","deprecated":false},{"target":{"file":"src/yb/tablet/tablet_bootstrap.cc"},"id":"CVE-2024-11193-f2ccf6ad","signature_type":"Line","source":"https://github.com/yugabyte/yugabyte-db/commit/6acbaf1283d6ce33f0f401725814c8930d3f8a3f","digest":{"threshold":0.9},"signature_version":"v1","deprecated":false},{"target":{"function":"calculateNodesToBeRestarted","file":"managed/src/main/java/com/yugabyte/yw/commissioner/tasks/upgrade/GFlagsUpgrade.java"},"id":"CVE-2024-11193-fb23f97d","signature_type":"Function","source":"https://github.com/yugabyte/yugabyte-db/commit/0bf6e5a3e9c0718a28e654483596615d0798b208","digest":{"length":1766,"function_hash":"153100767572425463742379920104299310275"},"signature_version":"v1","deprecated":false}],"vanir_signatures_modified":"2026-04-12T10:20:14Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-11193.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"}]}