Lucene search
+L

147 matches found

Positive Technologies
Positive Technologies
added 2025/03/19 12:0 a.m.9 views

PT-2025-12331

Apache Druid and Affected Versions Apache Druid versions prior to 31.0.2 and prior to 32.0.1 Description Apache Druid is susceptible to Server-Side Request Forgery SSRF, Cross-Site Scripting XSS, and Open Redirect issues. When the Druid management proxy is used, a specially crafted URL in a reque...

7.5CVSS5.7AI score0.01656EPSS
Exploits0References26
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/27 1:29 p.m.10 views

Security Bulletin:Vulnerability in Apache Druid affects watsonx.data

Summary Apache Druid could allow a remote attacker to bypass security restrictions. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-45384 DESCRIPTION: Apache Druid could allow a remote attacker to bypass security restrictions, caused by a flaw in the druid-pac4j extension. B...

6.5CVSS6.3AI score0.00821EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/17 9:30 p.m.33 views

Apache Druid: Users can provide MySQL JDBC properties not on allow list

Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide...

6.5CVSS6.1AI score0.00626EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/17 9:30 p.m.45 views

druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability

Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not usin...

5.3CVSS6.5AI score0.00821EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/09/17 9:30 p.m.28 views

GHSA-P72W-R6FV-6G5H druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability

Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not usin...

6.3CVSS5AI score0.00821EPSS
Exploits0References6
OSV
OSV
added 2024/09/17 9:30 p.m.32 views

GHSA-JH66-3545-VPM7 Apache Druid: Users can provide MySQL JDBC properties not on allow list

Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide...

3.1CVSS6.8AI score0.00626EPSS
Exploits0References4
NVD
NVD
added 2024/09/17 7:15 p.m.20 views

CVE-2024-45537

Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide...

6.5CVSS0.00626EPSS
Exploits0References1
NVD
NVD
added 2024/09/17 7:15 p.m.31 views

CVE-2024-45384

Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not usin...

5.3CVSS0.00821EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/17 6:37 p.m.15 views

CVE-2024-45537 Apache Druid: Users can provide MySQL JDBC properties not on allow list

Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide...

6.2AI score0.00626EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/17 6:37 p.m.36 views

CVE-2024-45537 Apache Druid: Users can provide MySQL JDBC properties not on allow list

Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide...

0.00626EPSS
Exploits0References1
CVE
CVE
added 2024/09/17 6:37 p.m.81 views

CVE-2024-45537

Apache Druid CVE-2024-45537 describes a vulnerability where an authenticated user can bypass authorization by sending a specially crafted MySQL JDBC connection string that includes properties not on the allow list, enabling access to read data from other databases via JDBC. The issue stems from i...

6.5CVSS6.9AI score0.00626EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/09/17 6:37 p.m.33 views

CVE-2024-45537 Apache Druid: Users can provide MySQL JDBC properties not on allow list

Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide...

6.5CVSS6AI score0.00626EPSS
Exploits0References4
CVE
CVE
added 2024/09/17 6:36 p.m.300 views

CVE-2024-45384

The CVE-2024-45384 issue affects Apache Druid via the optional druid-pac4j extension, enabling a Padding Oracle vulnerability that could let an attacker manipulate a pac4j session cookie. Affected versions are 0.18.0 through 30.0.0; installations not using druid-pac4j are not affected. While expl...

5.3CVSS5AI score0.00821EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/09/17 6:36 p.m.47 views

CVE-2024-45384 Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack

Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not usin...

0.00821EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/17 6:36 p.m.22 views

CVE-2024-45384 Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack

Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not usin...

6.6AI score0.00821EPSS
Exploits0References1
OSV
OSV
added 2024/09/17 6:36 p.m.14 views

CVE-2024-45384 Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack

Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not usin...

5.3CVSS6AI score0.00821EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/09/17 12:0 a.m.5 views

Apache Druid 安全漏洞

Apache Druid is an American Apache Apache Foundation open source, column-oriented distributed database written in the Java language. A security vulnerability exists in Apache Druid versions 0.18.0 through 30.0.0. An attacker exploiting this vulnerability could manipulate pac4j session cookies...

5.3CVSS6.4AI score0.00821EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/17 12:0 a.m.6 views

PT-2024-31685 · Apache · Apache Druid

Name of the Vulnerable Software and Affected Versions: Apache Druid versions prior to 30.0.1 Description: The issue allows users with certain permissions to bypass restrictions on JDBC connections, potentially reading data from other database systems. This is possible by crafting a specific JDBC...

6.5CVSS7AI score0.00626EPSS
Exploits0References10
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/05 5:49 p.m.30 views

Security Bulletin: Vulnerability in Apache Druid affects watsonx.data

Summary It is possible for an authenticated user to send a specially-crafted request that forces Apache Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid...

9CVSS8.8AI score0.99301EPSS
Exploits8Affected Software1
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.516 views

Log4Shell HTTP Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Log4Shell HTTP Scanner', 'Description' = %q Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration,...

10CVSS10AI score0.99999EPSS
Exploits357
Rows per page
Query Builder