Lucene search

GitHub Advisory DatabaseGHSA-Q35P-CHC6-7X57

HistoryOct 17, 2018 - 7:48 p.m.

Moderate severity vulnerability that affects org.apache.storm:storm-core

2018-10-1719:48:18

CWE-200

GitHub Advisory Database

github.com

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

28.2%

JSON

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.

Affected configurations

Vulners

Node

org.apache.storm\stormMatchcore

CPENameOperatorVersion
org.apache.storm:storm-corelt1.2.2
org.apache.storm:storm-corelt1.1.3

CPE	Name	Operator	Version
	org.apache.storm:storm-core	lt	1.2.2
	org.apache.storm:storm-core	lt	1.1.3

References

www.securityfocus.com/bid/104399

github.com/advisories/GHSA-q35p-chc6-7x57

lists.apache.org/thread.html/50f1d6a7af27f49d2e498a9ab2975685302cd8ca47000b7c38f339a4@%3Cdev.storm.apache.org%3E

nvd.nist.gov/vuln/detail/CVE-2018-1332

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

28.2%

JSON

Related for GHSA-Q35P-CHC6-7X57