Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2018/10/17 7:54 p.m.5 views

org.apache.beam:beam-runners-twister2 (>=2.23.0 <=2.74.0), org.apache.ignite:ignite-mesos (>=2.7.0 <=2.12.0) +5 more potentially affected by CVE-2018-8023 via org.apache.mesos:mesos (=1.5.0)

org.apache.mesos:mesos MAVEN version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.mesos:mesos and may be impacted: - org.apache.beam:beam-runners-twister2 =2.23.0, =2.7.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.8.0 Source cves:...

5.9CVSS6.5AI score0.03056EPSS
Exploits0
NVD
NVD
added 2018/09/21 1:29 p.m.30 views

CVE-2018-8023

Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token JWT. In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timi...

5.9CVSS7.4AI score0.03056EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/09/21 1:0 p.m.33 views

CVE-2018-8023

Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token JWT. In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timi...

6.6AI score0.03056EPSS
Exploits0References2
CVE
CVE
added 2018/09/21 1:0 p.m.92 views

CVE-2018-8023

The provided records confirm CVE-2018-8023 affects Apache Mesos: pre-1.4.2, 1.5.0, 1.5.1, and 1.6.0 have a timing-attack flaw in JWT HMAC verification due to using a non-constant-time string comparison. This may enable an attacker to deduce the correct HMAC value during JWT validation. Several co...

5.9CVSS5.6AI score0.03056EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder