Vitess security audit
Security Audit, 2023 Table of contents Table of contents 1 Executive summary 2 Notable findings 3 Project Summary 4 Audit Scope 4 Threat model formalisation 5 Fuzzing 14 Issues found 16 SLSA review work and results from the audit. The audit was funded by the CNCF who hosts Vitess as a graduated project. Results summarised 12 security issues found 2 CVEs assigned Formalisation of VTAdmins threat CVE-2023-29194 Moderate ADA-VIT-SA23-12 CVE-2023-29195 Moderate 3 Vitess Security Audit, 2023 Project Summary The auditors of Ada Logics were: Name Title Email Adam Korczynski Security Engineer, Ada
0 credits | 41 pages | 1.10 MB | 1 year ago

The Vitess 7.0 Documentation
... 41 Vitess becomes a CNCF project ... 42 Scalability which are assumed to provide a distributed, consistent key-value store. The default topology service plugin is etcd2. The topology service exists for several reasons: 14 • It enables tablets to coordinate Documentation • Execution Plans vtworker vtworker hosts long-running processes. It supports a plugin architecture and offers libraries so that you can easily choose tablets to use. Plugins are available
0 credits | 254 pages | 949.63 KB | 1 year ago

The Vitess 6.0 Documentation
... 36 Vitess becomes a CNCF project ... 36 Scalability which are assumed to provide a distributed, consistent key-value store. The default topology service plugin is etcd2. The topology service exists for several reasons: • It enables tablets to coordinate among their underlying MySQL instances. vtworker vtworker hosts long-running processes. It supports a plugin architecture and offers libraries so that you can easily choose tablets to use. Plugins are available
0 credits | 210 pages | 846.79 KB | 1 year ago

The Vitess 11.0 Documentation
... 94 Vitess becomes a CNCF project ... 95 Scalability which are assumed to provide a distributed, consistent key-value store. The default topology service plugin is etcd2. The topology service exists for several reasons: • It enables tablets to coordinate among Design docs related to the benchmarks of Vitess arewefastyet description: Nightly Benchmarking project for Vitess Background With the codebase of Vitess becoming larger and complex changes getting merged
0 credits | 481 pages | 3.14 MB | 1 year ago

The Vitess 8.0 Documentation
... 53 Vitess becomes a CNCF project ... 54 Scalability which are assumed to provide a distributed, consistent key-value store. The default topology service plugin is etcd2. The topology service exists for several reasons: • It enables tablets to coordinate among more. Even more importantly, Vitess is a platform that continues to scale. Vitess becomes a CNCF project The CNCF serves as the vendor-neutral home for many of the fastest-growing open source projects
0 credits | 331 pages | 1.35 MB | 1 year ago

The Vitess 5.0 Documentation
... 43 Vitess becomes a CNCF project ... 44 Scalability which are assumed to provide a distributed, consistent key-value store. The default topology service plugin is etcd2. The topology service exists for several reasons: • It enables tablets to coordinate among their underlying MySQL instances. vtworker vtworker hosts long-running processes. It supports a plugin architecture and offers libraries so that you can easily choose tablets to use. Plugins are available
0 credits | 206 pages | 875.06 KB | 1 year ago

The Vitess 10.0 Documentation
... 90 Vitess becomes a CNCF project ... 90 Scalability which are assumed to provide a distributed, consistent key-value store. The default topology service plugin is etcd2. The topology service exists for several reasons: • It enables tablets to coordinate among can be used as well listed here. Please do note that we request that you do not ask individual project members for support. Instead please use these channels where the whole community can help you and
0 credits | 455 pages | 3.07 MB | 1 year ago

The Vitess 9.0 Documentation
... 80 Vitess becomes a CNCF project ... 81 Scalability which are assumed to provide a distributed, consistent key-value store. The default topology service plugin is etcd2. The topology service exists for several reasons: • It enables tablets to coordinate among can be used as well listed here. Please do note that we request that you do not ask individual project members for support. Instead please use these channels where the whole community can help you and
0 credits | 417 pages | 2.96 MB | 1 year ago

The Vitess 12.0 Documentation
... 114 Vitess becomes a CNCF project ... 114 which are assumed to provide a distributed, consistent key-value store. The default topology service plugin is etcd2. The topology service exists for several reasons: • It enables tablets to coordinate among Design docs related to the benchmarks of Vitess arewefastyet description: Nightly Benchmarking project for Vitess Background With the codebase of Vitess becoming larger and complex changes getting merged
0 credits | 534 pages | 3.32 MB | 1 year ago

Pentest-Report Vitess 02.2019
assessment targeting the Vitess software database scaler. Funded by the CNCF / The Linux Foundation, this project was carried out by Cure53 in February 2019 and revealed only three miscellaneous findings. In terms also used for testing. Access to all relevant code and documentation was granted. While the first project meeting provided the basis for the audit, a more ad-hoc kick-off meeting ensured that no major hurdles the discovered issues were only included in this final test report. In light of this February 2019 project, Cure53 concludes that the Vitess database scaler is mature and secure. Therefore, it is deemed fit-for-purpose
0 credits | 9 pages | 155.02 KB | 1 year ago













