PRESENTS Vitess security audit In collaboration with the Vitess maintainers, Open Source Technology Improvement Fund and The Linux Foundation Authors Adam Korczynski David Korczynski vulnerabilities that a threat actor knows exist but does not place in the code. Threat actors can obtain information of vulnerabilities in public registries and assess whether projects use the vulnerable version actionable steps to use VTAdmin securely. The Vitess documentation currently contains limited information about the RBAC of Vitess, which is positive, however we consider the documentation incomplete.

local topology service, which is hosted in that cell. The topology service contains most of the information about the Vitess tablets in its cell. This enables a cell to be taken down and rebuilt as a unit to a tablet via a VTGate server. 12 Tablet Types See the user guide VTTablet Modes for more information. • master - A replica tablet that happens to currently be the MySQL master for its shard. • replica maintain quorum in the event of a cell failure. Local Topology Each local topology contains information related to its own cell. Specifically, it contains data about tablets in the cell, the keyspace

local topology service, which is hosted in that cell. The topology service contains most of the information about the Vitess tablets in its cell. This enables a cell to be taken down and rebuilt as a unit to a tablet via a VTGate server. 10 Tablet Types See the user guide VTTablet Modes for more information. • master - A replica tablet that happens to currently be the MySQL master for its shard. • replica maintain quorum in the event of a cell failure. Local Topology Each local topology contains information related to its own cell. Specifically, it contains data about tablets in the cell, the keyspace

local topology service, which is hosted in that cell. The topology service contains most of the information about the Vitess tablets in its cell. This enables a cell to be taken down and rebuilt as a unit complicated query with a cross shard join might need to first fetch information from a tablet keeping vindex lookup tables. Then use this information to query two different shards for more data and subsequently routed to a tablet via a VTGate server. Tablet Types See the user guide VTTablet Modes for more information. • master - A replica tablet that happens to currently be the MySQL master for its shard. • replica

local topology service, which is hosted in that cell. The topology service contains most of the information about the Vitess tablets in its cell. This enables a cell to be taken down and rebuilt as a unit complicated query with a cross shard join might need to first fetch information from a tablet keeping vindex lookup tables. Then use this information to query two different shards for more data and subsequently routed to a tablet via a VTGate server. Tablet Types See the user guide VTTablet Modes for more information. • master - A replica tablet that happens to currently be the MySQL master for its shard. • replica

local topology service, which is hosted in that cell. The topology service contains most of the information about the Vitess tablets in its cell. This enables a cell to be taken down and rebuilt as a unit complicated query with a cross shard join might need to first fetch information from a tablet keeping vindex lookup tables. Then use this information to query two different shards for more data and subsequently routed to a tablet via a VTGate server. Tablet Types See the user guide VTTablet Modes for more information. • master - A replica tablet that happens to currently be the MySQL master for its shard. • replica

local topology service, which is hosted in that cell. The topology service contains most of the information about the Vitess tablets in its cell. This enables a cell to be taken down and rebuilt as a unit complicated query with a cross shard join might need to first fetch information from a tablet keeping vindex lookup tables. Then use this information to query two different shards for more data and subsequently to a tablet via a VTGate server. 29 Tablet Types See the user guide VTTablet Modes for more information. • primary - A replica tablet that happens to currently be the MySQL primary for its shard. •

local topology service, which is hosted in that cell. The topology service contains most of the information about the Vitess tablets in its cell. This enables a cell to be taken down and rebuilt as a unit routed to a tablet via a VTGate server. Tablet Types See the user guide VTTablet Modes for more information. • master - A replica tablet that happens to currently be the MySQL master for its shard. • replica maintain quorum in the event of a cell failure. Local Topology Each local topology contains information related to its own cell. Specifically, it contains data about tablets in the cell, the keyspace

local topology service, which is hosted in that cell. The topology service contains most of the information about the Vitess tablets in its cell. This enables a cell to be taken down and rebuilt as a unit complicated query with a cross shard join might need to first fetch information from a tablet keeping vindex lookup tables. Then use this information to query two different shards for more data and subsequently routed to a tablet via a VTGate server. Tablet Types See the user guide VTTablet Modes for more information. • master - A replica tablet that happens to currently be the MySQL master for its shard. • replica

constructs. These were marked whenever a potential capacity for leading to buffer corruption, information leakages and other similar flaws has been identified. The secondary phase (Phase 2) of the test malicious adversaries. This included watching out for disclosure of personally identifiable information (PII), particularly in rarely encountered error cases. Additionally, the deployment infrastructure requested, plenty of additional effort was invested into discovering leaks of personally-identifiable information, for example during the extensive logging of executed queries. The redactor was checked for flaws