PT-2017-19193 · Apache · Apache Storm

Publicado

2017-08-09

Atualizado

2019-10-03

CVE-2017-9799

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache Storm versions 1.0.0 through 1.0.3 Apache Storm versions 1.1.0 through 1.1.0

Description A security issue was discovered in Apache Storm where, under certain situations and configurations, the owner of a topology could potentially trick the supervisor into launching a worker as a different, non-root user. This could lead to the compromise of secure credentials of the other user.

Recommendations For Apache Storm versions 1.0.0 through 1.0.3, update to version 1.0.4 or later. For Apache Storm versions 1.1.0 through 1.1.0, update to version 1.1.1 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2017-9799

GHSA-X825-RJWW-2245

SUSE-SU-2017:3000-1

Produtos afetados

Apache Storm

PT-2017-19193 · Apache · Apache Storm

CVE-2017-9799

Identificadores relacionados

Produtos afetados

Referências · 13