PT-2018-11733 · Apache · Apache Storm

Bobby Evans

Publicado

2018-07-10

Atualizado

2019-10-03

CVE-2018-1331

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache Storm versions 0.10.0 through 0.10.2 Apache Storm versions 1.0.0 through 1.0.6 Apache Storm versions 1.1.0 through 1.1.2 Apache Storm versions 1.2.0 through 1.2.1

Description An issue exists where an attacker with access to a secure Storm cluster could potentially execute arbitrary code as a different user under certain conditions.

Recommendations For Apache Storm versions 0.10.0 through 0.10.2, update to a version outside of this range to resolve the issue. For Apache Storm versions 1.0.0 through 1.0.6, update to a version outside of this range to resolve the issue. For Apache Storm versions 1.1.0 through 1.1.2, update to a version outside of this range to resolve the issue. For Apache Storm versions 1.2.0 through 1.2.1, update to a version outside of this range to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2018-1331

GHSA-P8JX-X2VW-WM33

Produtos afetados

Apache Storm

PT-2018-11733 · Apache · Apache Storm

CVE-2018-1331

Identificadores relacionados

Produtos afetados

Referências · 9