CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27137 – Apache Cassandra: unrestricted deserialization of JMX authentication credentials
https://notcve.org/view.php?id=CVE-2024-27137
04 Feb 2025 — In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorized operations. This is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10. This issue affects Apache Cassan... • https://lists.apache.org/thread/jsk87d9yv8r204mgqpz1qxtp5wcrpysm • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24860 – Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
https://notcve.org/view.php?id=CVE-2025-24860
04 Feb 2025 — Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions. This issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both Cass... • https://lists.apache.org/thread/yjo5on4tf7s1r9qklc4byrz30b8vkm2d • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-23015 – Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions
https://notcve.org/view.php?id=CVE-2025-23015
04 Feb 2025 — Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.... • https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29869 – Apache Hive: Credentials file created with non restrictive permissions
https://notcve.org/view.php?id=CVE-2024-29869
28 Jan 2025 — Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. Users are recommended to upgrade to version 4.0.1, which fixes this issue. Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unaut... • https://github.com/apache/hive • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23953 – Apache Hive: Timing Attack Against Signature in LLAP util
https://notcve.org/view.php?id=CVE-2024-23953
28 Jan 2025 — Use of Arrays.equals() in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack. Users are recommended to upgrade to version 4.0.0, which fixes this issue. The problem occurs when an application doesn’t use a constant-time algorithm for validating a signature. The method Arrays.equals() returns false right away when it sees that one of the in... • https://blog.gypsyengineer.com/en/security/preventing-timing-attacks-with-codeql.html • CWE-208: Observable Timing Discrepancy •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24783 – Apache Cocoon: continuations may not be private
https://notcve.org/view.php?id=CVE-2025-24783
27 Jan 2025 — Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the startup time, it may not have been sufficiently unpredictable, and an attacker could use this to guess continuation ids and look up continuations they should not have had access to. As a mitigation, you may enable ... • https://lists.apache.org/thread/pk86jp5cvn41432op8wv1k8p14mp27nz • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24814 – Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files
https://notcve.org/view.php?id=CVE-2025-24814
27 Jan 2025 — Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are tre... • https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52012 – Apache Solr: Configset upload on Windows allows arbitrary path write-access
https://notcve.org/view.php?id=CVE-2024-52012
27 Jan 2025 — Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue. • https://lists.apache.org/thread/yp39pgbv4vf1746pf5yblz84lv30vfxd • CWE-23: Relative Path Traversal •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53299 – Apache Wicket: An attacker can intentionally trigger a memory leak
https://notcve.org/view.php?id=CVE-2024-53299
23 Jan 2025 — The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue. The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue. • https://lists.apache.org/thread/gyp2ht00c62827y0379lxh5dbx3hhho5 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45479 – Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost
https://notcve.org/view.php?id=CVE-2024-45479
21 Jan 2025 — SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue. SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue. • https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger • CWE-20: Improper Input Validation •