Home > Vulnerability Database > CVE-2022-31011

Mend.io Vulnerability Database

CVE-2022-31011

Date: May 31, 2022

TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as root and normal user at the same time.

Language: Go

Severity Score

7.8

Related Resources (5)

Url: https://github.com/pingcap/tidb/security/advisories/GHSA-4whx-7p29-mq22

Url: https://github.com/pingcap/tidb/releases/tag/v5.3.1

Url: https://github.com/pingcap/tidb

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-31011

Url: https://www.mend.io/vulnerability-database/CVE-2022-31011

Severity Score

7.8

Weakness Type (CWE)

Improper Authentication

CWE-287

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	4.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-31011

Date: May 31, 2022

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?