PT-2018-11733 · Apache · Apache Storm

Bobby Evans

Published

2018-07-10

Updated

2019-10-03

CVE-2018-1331

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache Storm versions 0.10.0 through 0.10.2 Apache Storm versions 1.0.0 through 1.0.6 Apache Storm versions 1.1.0 through 1.1.2 Apache Storm versions 1.2.0 through 1.2.1

Description An issue exists where an attacker with access to a secure Storm cluster could potentially execute arbitrary code as a different user under certain conditions.

Recommendations For Apache Storm versions 0.10.0 through 0.10.2, update to a version outside of this range to resolve the issue. For Apache Storm versions 1.0.0 through 1.0.6, update to a version outside of this range to resolve the issue. For Apache Storm versions 1.1.0 through 1.1.2, update to a version outside of this range to resolve the issue. For Apache Storm versions 1.2.0 through 1.2.1, update to a version outside of this range to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-1331

GHSA-P8JX-X2VW-WM33

Affected Products

Apache Storm

PT-2018-11733 · Apache · Apache Storm

CVE-2018-1331

Related Identifiers

Affected Products

References · 9