14 matches found
Apache HugeGraph Server 1.2.0 Remote Code Execution
Apache HugeGraph Server version 1.2.0 suffers from a remote code execution vulnerability. Exploit Title: Apache HugeGraph 1.2.0 Remote Code Execution Unauthenticated Exploit Author: Yesith Alvarez Vendor Homepage: https://hugegraph.apache.org/docs/download/download/ Version: Apache HugeGraph 1.0....
Apache HugeGraph Server 1.2.0 - Remote Code Execution (RCE)
Exploit Title: Apache HugeGraph Server 1.2.0 - Remote Code Execution RCE Exploit Author: Yesith Alvarez Vendor Homepage: https://hugegraph.apache.org/docs/download/download/ Version: Apache HugeGraph 1.0.0 - 1.2.0 CVE : CVE-2024-27348 from requests import Request, Session import sys import json d...
CVE-2024-27348
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue...
Exploit for Improper Access Control in Apache Hugegraph
CVE-2024-27348 This is a repository for Apache HugeGraph Remot...
Apache HugeGraph Server 1.0.x < 1.3.0 (CVE-2024-27348)
The version of Apache HugeGraph Server installed on the remote host is prior to 1.3.0. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27348 advisory. - RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server:...
Metasploit Weekly Wrap-Up 08/16/2024
New module content 3 Apache HugeGraph Gremlin RCE Authors: 6right and jheysel-r7 Type: Exploit Pull request: 19348 contributed by jheysel-r7 Path: linux/http/apachehugegraphgremlinrce AttackerKB reference: CVE-2024-27348 Description: Adds an Apache HugeGraph Server exploit for GHSA-29rc-vq7f-x335...
Apache HugeGraph Gremlin Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache HugeGraph Gremlin RCE', 'Description' = %q This module exploits CVE-2024-27348 which is a Remote Code Execution RCE vulnerability that...
Apache HugeGraph Gremlin RCE
This module exploits CVE-2024-27348 which is a Remote Code Execution RCE vulnerability that exists in Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve RCE through Gremlin, resulting in complete control over the server. Module Options msf...
The Bug Report - June 2024 Edition
The Bug Report - June 2024 Edition By Jonathan Omakun & Tobi Olawale · June 27, 2024 Why am I Here Welcome back to The Bug Report, the "so hot the server fans are sweating" edition! For those who are new to our monthly adventure, every month, our dedicated Advanced Research Center vulnerability...
Exploit for Improper Access Control in Apache Hugegraph
CVE-2024-27348 🪶 CVE-2024-27348 Proof of concept Exploit RCE...
CVE-2024-27348
creationtimestamp| type| source
---|---|---
2024-05-31 20:14:51+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/7483
2024-06-03 02:16:35+00:00| published-proof-of-concept| https://t.me/cKure/13050
2024-06-03 04:29:58+00:00| published-proof-of-concept| https://t.me/CNArsenal/2576...
org.apache.hugegraph:hugegraph-api (>=1.0.0 <=1.2.0), org.apache.hugegraph:hugegraph-cassandra (>=1.0.0 <=1.2.0) +9 more potentially affected by CVE-2024-27348 via org.apache.hugegraph:hugegraph-core (>=1.0.0 <=1.2.0)
org.apache.hugegraph:hugegraph-core MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0 Source cves: CVE-2024-27348 Source advisory: OSV:GHSA-29RC-VQ7F-X335...
CVE-2024-27348
CVE-2024-27348 (Apache HugeGraph-Server) is an improper access control vulnerability in the Gremlin interface that enables remote code execution. Affected: HugeGraph-Server versions from 1.0.0 up to (but not including) 1.3.0, running on Java 8 or Java 11. Root cause: insufficient access controls ...
CVE-2024-27348 Apache HugeGraph-Server: Command execution in gremlin
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue...