CVE-2024-36265 Apache Submarine Server Core: authorization bypass

2024-06-1214:12:11

CWE-863

apache

github.com

cve-2024-36265

apache submarine server core

authorization bypass

vulnerability

unsupported

retired project

alternative

restrict access

trusted users

no longer supported

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Submarine Server Core.

This issue affects Apache Submarine Server Core: from 0.8.0.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CNA Affected

[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.submarine:submarine-server-core",
    "product": "Apache Submarine Server Core",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "*",
        "status": "affected",
        "version": "0.8.0",
        "versionType": "semver"
      }
    ]
  }
]