CVE-2024-31391 – Apache Solr Operator: Solr-Operator liveness and readiness probes may leak basic auth credentials
https://notcve.org/view.php?id=CVE-2024-31391
Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for accessing Solr: including the "solr" and "admin" accounts for use by end-users, and a "k8s-oper" account which the operator uses for its own requests to Solr. One common source of these operator requests is healthchecks: liveness, readiness, and startup probes are all used to determine Solr's health and ability to receive traffic. By default, the operator configures the Solr APIs used for these probes to be exempt from authentication, but users may specifically request that authentication be required on probe endpoints as well. Whenever one of these probes would fail, if authentication was in use, the Solr Operator would create a Kubernetes "event" containing the username and password of the "k8s-oper" account. Within the affected version range, this vulnerability affects any solrcloud resource which (1) bootstrapped security through use of the `.solrOptions.security.authenticationType=basic` option, and (2) required authentication be used on probes by setting `.solrOptions.security.probesRequireAuth=true`. Users are recommended to upgrade to Solr Operator version 0.8.1, which fixes this issue by ensuring that probes no longer print the credentials used for Solr requests. Users may also mitigate the vulnerability by disabling authentication on their healthcheck probes using the setting `.solrOptions.security.probesRequireAuth=false`. Vulnerabilidad de inserción de información confidencial en un archivo de registro en el operador Apache Solr. Este problema afecta a todas las versiones del operador Apache Solr desde la 0.3.0 hasta la 0.8.0. Cuando se le solicite iniciar la seguridad de Solr, el operador habilitará la autenticación básica y creará varias cuentas para acceder a Solr: incluidas las cuentas "solr" y "admin" para uso de los usuarios finales, y una cuenta "k8s-oper" que utiliza el operador. para sus propias solicitudes a Solr. • http://www.openwall.com/lists/oss-security/2024/04/12/7 https://lists.apache.org/thread/w7011s78lzywzwyszvy4d8zm99ybt8c7 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-27309 – Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
https://notcve.org/view.php?id=CVE-2024-27309
While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced. Two preconditions are needed to trigger the bug: 1. The administrator decides to remove an ACL 2. The resource associated with the removed ACL continues to have two or more other ACLs associated with it after the removal. When those two preconditions are met, Kafka will treat the resource as if it had only one ACL associated with it after the removal, rather than the two or more that would be correct. The incorrect condition is cleared by removing all brokers in ZK mode, or by adding a new ACL to the affected resource. Once the migration is completed, there is no metadata loss (the ACLs all remain). The full impact depends on the ACLs in use. If only ALLOW ACLs were configured during the migration, the impact would be limited to availability impact. if DENY ACLs were configured, the impact could include confidentiality and integrity impact depending on the ACLs configured, as the DENY ACLs might be ignored due to this vulnerability during the migration period. • http://www.openwall.com/lists/oss-security/2024/04/12/3 https://lists.apache.org/thread/6536rmzyg076lzzdw2xdktvnz163mjpy https://security.netapp.com/advisory/ntap-20240705-0002 • CWE-863: Incorrect Authorization •
CVE-2024-31309 – Apache Traffic Server: HTTP/2 CONTINUATION frames can be utilized for DoS attack
https://notcve.org/view.php?id=CVE-2024-31309
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue. Un ataque de HTTP/2 CONTINUATION DoS puede hacer que Apache Traffic Server consuma más recursos en el servidor. Las versiones de 8.0.0 a 8.1.9 y de 9.0.0 a 9.2.3 se ven afectadas. • https://github.com/lockness-Ko/CVE-2024-27316 http://www.openwall.com/lists/oss-security/2024/04/03/16 http://www.openwall.com/lists/oss-security/2024/04/10/7 https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message • CWE-20: Improper Input Validation •
CVE-2024-31867 – Apache Zeppelin: LDAP search filter query Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-31867
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. Vulnerabilidad de validación de entrada incorrecta en Apache Zeppelin. Los atacantes pueden ejecutar consultas maliciosas estableciendo propiedades de configuración incorrectas en el filtro de búsqueda LDAP. Este problema afecta a Apache Zeppelin: desde 0.8.2 antes de 0.11.1. Se recomienda a los usuarios actualizar a la versión 0.11.1, que soluciona el problema. • http://www.openwall.com/lists/oss-security/2024/04/09/12 https://github.com/apache/zeppelin/pull/4714 https://lists.apache.org/thread/s4scw8bxdhrjs0kg0lhb68xqd8y9lrtf • CWE-20: Improper Input Validation •
CVE-2024-31868 – Apache Zeppelin: XSS vulnerability in the helium module
https://notcve.org/view.php?id=CVE-2024-31868
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. Vulnerabilidad de codificación o escape de salida inadecuados en Apache Zeppelin. Los atacantes pueden modificar helium.json y exponer ataques XSS a usuarios normales. Este problema afecta a Apache Zeppelin: desde 0.8.2 antes de 0.11.1. Se recomienda a los usuarios actualizar a la versión 0.11.1, que soluciona el problema. • http://www.openwall.com/lists/oss-security/2024/04/09/11 https://github.com/apache/zeppelin/pull/4728 https://lists.apache.org/thread/55mqs673plsxmgnq7fdf2flftpllyf11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-116: Improper Encoding or Escaping of Output •