CVE-2022-31011: 
NixOS vulnerability analysis and mitigation

CVE-2022-31011 is an authentication bypass vulnerability discovered in TiDB version 5.3.0. The vulnerability was disclosed on May 26, 2022, affecting the authentication process of TiDB database system. Under certain conditions, attackers could construct malicious authentication requests to bypass the authentication process (GitHub Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 8.4 (High severity) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This indicates a local attack vector, low attack complexity, no privileges required, no user interaction needed, and high impact on confidentiality, integrity, and availability (GitHub Advisory).

If successfully exploited, the vulnerability can lead to privilege escalation or unauthorized access to the database system. The high CVSS score reflects the severe potential impact on system security, affecting confidentiality, integrity, and availability of the database (GitHub Advisory).

Two mitigation options are available: 1) Turn off SEM (Security Enhanced Mode), or 2) Disable local login for non-root accounts and ensure that the same IP cannot be logged in as root or normal user simultaneously. The recommended solution is to upgrade to TiDB version 5.3.1 or higher, which contains the patch for this vulnerability (GitHub Advisory).