PT-2024-19302 · Apache · Apache Helix Front

Jonathan Leitschuh

·

Published

2024-08-20

·

Updated

2024-08-21

·

CVE-2024-22281

CVSS v4.0

8.7

High

Vector AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Apache Helix Front (UI), all versions
Description: The Apache Helix Front (UI) component ships with a hard-coded session secret. Because the secret is the same in every deployment and is readable from the source, an attacker can sign session cookies of their own and spoof an arbitrary session without ever authenticating. This issue affects a product that is no longer supported by the maintainer.
Recommendations: As this project is retired and no fix will be released, users are recommended to find an alternative or to restrict network access to the instance to trusted users.

Fix

No fix will be released; the project is retired.

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

CVE-2024-22281
GHSA-6247-7862-Q2PQ

Affected Products

Apache Helix Front