Critical severity9.8NVD Advisory· Published Jan 30, 2024· Updated Jun 17, 2026
CVE-2023-51982
CVE-2023-51982
Description
CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI directly using the default user identity.(https://github.com/crate/crate/issues/15231)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.crate:crateMaven | < 5.2.11 | 5.2.11 |
io.crate:crateMaven | >= 5.3.0, < 5.3.8 | 5.3.8 |
io.crate:crateMaven | >= 5.4.0, < 5.4.7 | 5.4.7 |
io.crate:crateMaven | >= 5.5.0, < 5.5.2 | 5.5.2 |
Affected products
2- CrateDB/CrateDBdescription
Patches
Vulnerability mechanics
References
9- github.com/crate/crate/issues/15231nvdExploitIssue TrackingWEB
- github.com/advisories/GHSA-7mgx-gvjw-m3w3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-51982ghsaADVISORY
- github.com/crate/crate/commit/0c166ef083bec4d64dd55c1d8cb9b3dec350d241ghsaWEB
- github.com/crate/crate/commit/5be7b3864137c23305ece10df3f7c311ee50ae4dghsaWEB
- github.com/crate/crate/commit/b8b4cec49a1c7eb2b5af568400bd571d194dc03eghsaWEB
- github.com/crate/crate/commit/da59311ca920743ebc58ee64c29cfe5723487f56ghsaWEB
- github.com/crate/crate/pull/15234ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/crate/PYSEC-2024-27.yamlghsaWEB
News mentions
0No linked articles in our index yet.