PT-2024-26940 · Apache · Apache Submarine Commons Utils

Jonathan Leitschuh +1 · Published 2024-06-12 · Updated 2024-10-15 · CVE-2024-36264

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache Submarine Commons Utils versions 0.8.0 and later

Description

The issue is related to an Improper Authentication vulnerability in Apache Submarine Commons Utils. If the user doesn't explicitly set submarine.auth.default.secret, a default value will be used. This vulnerability only affects products that are no longer supported by the maintainer. As the project is retired, no fix will be released.

Recommendations

For Apache Submarine Commons Utils versions 0.8.0 and later, users are recommended to find an alternative or restrict access to the instance to trusted users.

Fix

Weakness Enumeration

Improper Authentication
Using Hardcoded Credentials

Related Identifiers

CVE-2024-36264
GHSA-JWCG-WV5X-VG3G
PYSEC-2024-97

Affected Products

Apache Submarine Commons Utils