PT-2024-2664 · Apache · Apache Aurora

Duc Nguyen +1 · Published 2024-02-27 · Updated 2025-07-10 · CVE-2024-27905

CVSS v2.0: 9.3 Critical

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache Aurora (affected versions not specified)

Description

The issue is related to the exposure of sensitive information. An endpoint that exposes internals to unauthenticated users can be used as a "padding oracle", allowing an anonymous attacker to construct a valid authentication cookie. This could potentially be combined with vulnerabilities in other components to achieve remote code execution. The project is retired, and no fix is planned.

Recommendations

As the project is retired and no version with a fix will be released, users are recommended to find an alternative. Restrict access to the instance to trusted users to minimize the risk of exploitation.

Fix

RCE

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-02738
CVE-2024-27905

Affected Products

Apache Aurora