VYPR
Critical severity9.8NVD Advisory· Published Jan 30, 2024· Updated Jun 17, 2026

CVE-2023-51982

CVE-2023-51982

Description

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI directly using the default user identity.(https://github.com/crate/crate/issues/15231)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
io.crate:crateMaven
< 5.2.115.2.11
io.crate:crateMaven
>= 5.3.0, < 5.3.85.3.8
io.crate:crateMaven
>= 5.4.0, < 5.4.75.4.7
io.crate:crateMaven
>= 5.5.0, < 5.5.25.5.2

Affected products

2

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.