Severity by source
Sources disagree (Medium–Critical)AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.
Analysis
yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.
Technical ContextAI
SQL injection occurs when user-supplied input is incorporated into SQL queries without proper sanitization or parameterized queries.
RemediationAI
Use parameterized queries or prepared statements. Apply input validation and escape special characters. Implement least-privilege database accounts.
More in Yubiserver
View allSame weakness CWE-89 – SQL Injection
View allSame technique Authentication Bypass
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 0.6-3 |
| cosmic | not-affected | 0.6-3 |
| disco | not-affected | 0.6-3 |
| precise | ignored | end of life |
| upstream | released | 0.6-1 |
| utopic | ignored | end of life |
| vivid | ignored | end of life |
| wily | ignored | end of life |
| xenial | not-affected | 0.6-3 |
| yakkety | ignored | end of life |
| zesty | ignored | end of life |
| trusty | DNE | trusty/esm was DNE [trusty was needed] |
Debian
Bug #796495| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bookworm, bullseye | fixed | 0.6-3.1 | - |
| trixie | fixed | 0.6-3.2 | - |
| (unstable) | fixed | 0.6-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2015-0854