| Summary | YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to obtain server networking configuration details, including private and public IP addresses and DNS records. |
|---|---|
| Publication Date | Aug. 12, 2025, 2:15 a.m. |
| Registration Date | Aug. 12, 2025, 4 a.m. |
| Last Update | Aug. 12, 2025, 2:15 a.m. |