CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27181 – Apache Linkis Basic management services: Privilege Escalation Attack vulnerability
https://notcve.org/view.php?id=CVE-2024-27181
02 Aug 2024 — In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue. • https://lists.apache.org/thread/hosd73l7hxb3rpt5rb0yg0ld11zph4c6 • CWE-269: Improper Privilege Management •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48396 – Apache SeaTunnel Web: Authentication bypass
https://notcve.org/view.php?id=CVE-2023-48396
30 Jul 2024 — Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue. Web Authentication vulnerability in Apache SeaTunnel. • https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2023-38522 – Apache Traffic Server: Incomplete field name check allows request smuggling
https://notcve.org/view.php?id=CVE-2023-38522
26 Jul 2024 — Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forw... • https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0 • CWE-20: Improper Input Validation CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 8.5EPSS: 1%CPEs: 2EXPL: 0CVE-2024-35296 – Apache Traffic Server: Invalid Accept-Encoding can force forwarding requests
https://notcve.org/view.php?id=CVE-2024-35296
26 Jul 2024 — Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service or request smuggling. • https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35161 – Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling
https://notcve.org/view.php?id=CVE-2024-35161
26 Jul 2024 — Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. Apache Traffic Serv... • https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0 • CWE-20: Improper Input Validation CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25090 – Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode
https://notcve.org/view.php?id=CVE-2024-25090
26 Jul 2024 — Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3. This issue affects Apache R... • https://lists.apache.org/thread/lb50jqyxwf8jrfpydl6dc5zpqtpgrrwd • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48362 – Apache Drill: XXE Vulnerability in XML Format Reader
https://notcve.org/view.php?id=CVE-2023-48362
24 Jul 2024 — XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue. XXE en el complemento de formato XML en Apache Drill versión 1.19.0 y superior permite al usuario leer cualquier archivo en un sistema de archivos remoto o ejecutar comandos a través de un archivo XML malicioso. Se recomienda a los usuarios actualizar a la versió... • http://www.openwall.com/lists/oss-security/2024/07/24/3 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39676 – Apache Pinot: Unauthorized endpoint exposed sensitive information
https://notcve.org/view.php?id=CVE-2024-39676
24 Jul 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the controller, it can lead to the disclosure of sensitive information such as system information (e.g. arch, os version), environment information (e.g. maxHeapSize) and Pinot configurations (e.g. zookeeper path). This... • https://lists.apache.org/thread/hsm0b2w8qr0sqy4rj1mfnnw286tslpzc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41178 – Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
https://notcve.org/view.php?id=CVE-2024-41178
23 Jul 2024 — Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (`object_store` crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html . This allows someone with access to the logs to impersonate that identity, including performing their own calls to AssumeRoleWithWebIdentity, until th... • http://www.openwall.com/lists/oss-security/2024/07/23/3 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29070 – Apache StreamPark: session not invalidated after logout
https://notcve.org/view.php?id=CVE-2024-29070
23 Jul 2024 — On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout. Mitigation: all users should upgrade to 2.1.4 En versiones anteriores a la 2.1.4, la sesión no se invalida después de cerrar sesión. Cuando el usuario inicia sesión correctamente, el servicio Backend devuelve "Authorization" como credencial... • https://lists.apache.org/thread/zslblrz1l0n9t67mqdv42yv75ncfn9zl • CWE-613: Insufficient Session Expiration •