CVE-2022-31011 - Vulnerability Details

Vendors	Products
Pingcap	Tidb

Link	Providers
https://github.com/pingcap/tidb/releases/tag/v5.3.1
https://github.com/pingcap/tidb/security/advisories/GHSA-4whx-7p29-mq22

{"containers": {"cna": {"affected": [{"product": "tidb", "vendor": "pingcap", "versions": [{"status": "affected", "version": "= 5.3.0"}]}], "descriptions": [{"lang": "en", "value": "TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as root and normal user at the same time."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-31T19:30:18", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pingcap/tidb/security/advisories/GHSA-4whx-7p29-mq22"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/pingcap/tidb/releases/tag/v5.3.1"}], "source": {"advisory": "GHSA-4whx-7p29-mq22", "discovery": "UNKNOWN"}, "title": "TiDB authentication bypass vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2022-31011", "STATE": "PUBLIC", "TITLE": "TiDB authentication bypass vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "tidb", "version": {"version_data": [{"version_value": "= 5.3.0"}]}}]}, "vendor_name": "pingcap"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as root and normal user at the same time."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287: Improper Authentication"}]}]}, "references": {"reference_data": [{"name": "https://github.com/pingcap/tidb/security/advisories/GHSA-4whx-7p29-mq22", "refsource": "CONFIRM", "url": "https://github.com/pingcap/tidb/security/advisories/GHSA-4whx-7p29-mq22"}, {"name": "https://github.com/pingcap/tidb/releases/tag/v5.3.1", "refsource": "MISC", "url": "https://github.com/pingcap/tidb/releases/tag/v5.3.1"}]}, "source": {"advisory": "GHSA-4whx-7p29-mq22", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:03:40.288Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/pingcap/tidb/security/advisories/GHSA-4whx-7p29-mq22"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pingcap/tidb/releases/tag/v5.3.1"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-31011", "datePublished": "2022-05-31T19:30:18", "dateReserved": "2022-05-18T00:00:00", "dateUpdated": "2024-08-03T07:03:40.288Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pingcap:tidb:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "14E0B6A4-2AD9-4462-B4E8-F624ED98560F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as root and normal user at the same time."}, {"lang": "es", "value": "TiDB es una base de datos NewSQL de c\u00f3digo abierto que soporta cargas de trabajo de Procesamiento Transaccional y Anal\u00edtico H\u00edbrido (HTAP). Bajo determinadas condiciones, un atacante puede construir peticiones de autenticaci\u00f3n maliciosas para omitir el proceso de autenticaci\u00f3n, resultando en una escalada de privilegios o un acceso no autorizado. S\u00f3lo los usuarios usando TiDB versi\u00f3n 5.3.0, est\u00e1n afectados por esta vulnerabilidad. TiDB versi\u00f3n 5.3.1, contiene un parche para este problema. Otras estrategias de mitigaci\u00f3n incluyen la deshabilitaci\u00f3n del modo mejorado de seguridad (SEM), la deshabilitaci\u00f3n del inicio de sesi\u00f3n local para las cuentas que no son root y la garant\u00eda de que la misma IP no puede iniciar sesi\u00f3n como root y usuario normal al mismo tiempo"}], "id": "CVE-2022-31011", "lastModified": "2024-11-21T07:03:42.583", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2022-05-31T20:15:08.100", "references": [{"source": "[email protected]", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/pingcap/tidb/releases/tag/v5.3.1"}, {"source": "[email protected]", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://github.com/pingcap/tidb/security/advisories/GHSA-4whx-7p29-mq22"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/pingcap/tidb/releases/tag/v5.3.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://github.com/pingcap/tidb/security/advisories/GHSA-4whx-7p29-mq22"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "[email protected]", "type": "Secondary"}]}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object