Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:44375
HistoryNov 27, 2023 - 5:16 a.m.

Information Disclosure

2023-11-2705:16:41
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
storm-core
vulnerability
information disclosure
insecure permissions
file creation
unix-like systems
sensitive information
attacker

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0

Percentile

5.1%

JSON

storm-core is vulnerable to Information Disclosure. The vulnerability exists because the createExtraPropertiesFile function in TopologySpoutLag.java creates a file with a predefined name (easily identifiable) and, by default, will create this file with insecure permissions (-rw-r--r--) on Unix-like systems. This allows an attacker to read sensitive information.

Related

cnvd 1
osv 2
prion 1
cvelist 1
github 1
nvd 1
cve 1
cnvd
cnvd
Apache Storm Information Disclosure Vulnerability (CNVD-2023-9666324)
2023-11-27 00:00:00
osv
osv
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
2023-11-23 12:30:23
CVE-2023-43123
2023-11-23 10:15:07
prion
prion
Design/Logic Flaw
2023-11-23 10:15:00
cvelist
cvelist
CVE-2023-43123 Apache Storm: Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
2023-11-23 09:16:34
github
github
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
2023-11-23 12:30:23
nvd
nvd
CVE-2023-43123
2023-11-23 10:15:07
cve
cve
CVE-2023-43123
2023-11-23 10:15:07

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0

Percentile

5.1%

JSON
Related for VERACODE:44375
cnvd1osv2prion1cvelist1github1nvd1cve1