PT-2025-17263 · Apache+1 · Apache Druid Monitoring Console+1
Caigo
·
Published
2025-04-18
·
Updated
2025-04-18
·
CVE-2025-3790
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
baseweb JSite version 1.0
Description
A critical issue has been discovered, affecting the Apache Druid Monitoring Console, specifically the /druid/index.html file. This leads to improper access controls, allowing for remote attacks. The exploit details have been publicly disclosed.
Recommendations
For baseweb JSite version 1.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Access Control
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apache Druid Monitoring Console
Baseweb Jsite