Lucene search

Druid ingestion system Authenticated users can read data from other sources than intended

🗓️ 27 Sep 2021 20:25:13Reported by GitHub Advisory DatabaseType

Insecure Druid HTTP InputSource Acces

Reporter	Title	Published	Views	Family All 30
Tenable Nessus	Apache Druid < 0.22.0 Incorrect Authorization	20 Sep 202300:00	–	nessus
Tenable Nessus	Apache Druid < 0.21.0 Privilege Escalation	20 Sep 202300:00	–	nessus
Prion	Privilege escalation	24 Sep 202110:15	–	prion
Prion	Privilege escalation	2 Jul 202108:15	–	prion
GithubExploit	Exploit for Incorrect Authorization in Apache Druid	14 Oct 202117:30	–	githubexploit
GithubExploit	Exploit for Incorrect Authorization in Apache Druid	14 Oct 202103:47	–	githubexploit
GithubExploit	Exploit for Exposure of Resource to Wrong Sphere in Apache Druid	21 Nov 202103:23	–	githubexploit
GithubExploit	Exploit for Incorrect Authorization in Apache Druid	12 Dec 202115:50	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Zeroshell	22 May 202105:06	–	githubexploit
Nuclei	Apache Druid - Local File Inclusion	25 Oct 202112:00	–	nuclei

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-36749
github	www.github.com/advisories/GHSA-793h-6f7r-6qvm
lists	www.lists.apache.org/thread.html/r304dfe56a5dfe1b2d9166b24d2c74ad1c6730338b20aef77a00ed2be@%3Cannounce.apache.org%3E
lists	www.lists.apache.org/thread.html/rc9400a70d0ec5cdb8a3486fc5ddb0b5282961c0b63e764abfbcb9f5d%40%3Cdev.druid.apache.org%3E
github	www.github.com/advisories/GHSA-9p5g-vg43-mj5r

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

27 Sep 2021 20:13Current

6.5Medium risk

Vulners AI Score6.5

CVSS24

CVSS36.5

EPSS0.91594