CVE-2024-45384 Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack

🗓️ 17 Sep 2024 18:36:00Reported by apacheType

Apache Druid CVE-2024-45384 Padding Oracle Vulnerabilit

Reporter	Title	Published	Views	Family All 15
IBM Security Bulletins	Security Bulletin:Vulnerability in Apache Druid affects watsonx.data	27 Feb 202513:29	–	ibm
Chainguard	CVE-2024-45384 vulnerabilities	17 Sep 202419:15	–	cgr
Circl	CVE-2024-45384	17 Sep 202422:18	–	circl
CNNVD	Apache Druid 安全漏洞	17 Sep 202400:00	–	cnnvd
CVE	CVE-2024-45384	17 Sep 202418:36	–	cve
Github Security Blog	druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability	17 Sep 202421:30	–	github
NVD	CVE-2024-45384	17 Sep 202419:15	–	nvd
OSV	CGA-224V-8QF6-RM3P	25 Sep 202405:07	–	osv
OSV	CGA-3VJC-82V8-F4PV	29 Jan 202600:42	–	osv
OSV	GHSA-P72W-R6FV-6G5H druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability	17 Sep 202421:30	–	osv

[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.druid.extensions:druid-pac4j",
    "product": "Apache Druid",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "30.0.0",
        "status": "affected",
        "version": "0.18.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/gr94fnp574plb50lsp8jw4smvgv1lbz1

17 Sep 2024 18:36Current

EPSS0.00216