CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-31141 – Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider
https://notcve.org/view.php?id=CVE-2024-31141
Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations which include the ability to read from disk or environment variables. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments, including SaaS products. This issue affects Apache Kafka Clients: from 2.3.0 through 3.5.2, 3.6.2, 3.7.0. Users with affected applications are recommended to upgrade kafka-clients to version >=3.8.0, and set the JVM system property "org.apache.kafka.automatic.config.providers=none". Users of Kafka Connect with one of the listed ConfigProvider implementations specified in their worker config are also recommended to add appropriate "allowlist.pattern" and "allowed.paths" to restrict their operation to appropriate bounds. For users of Kafka Clients or Kafka Connect in environments that trust users with disk and environment variable access, it is not recommended to set the system property. For users of the Kafka Broker, Kafka MirrorMaker 2.0, Kafka Streams, and Kafka command-line tools, it is not recommended to set the system property. • https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv • CWE-269: Improper Privilege Management CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-52317 – Apache Tomcat: Request/response mix-up with HTTP/2
https://notcve.org/view.php?id=CVE-2024-52317
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue. Vulnerabilidad de reutilización y reciclaje incorrecto de objetos en Apache Tomcat. El reciclaje incorrecto de la solicitud y la respuesta utilizadas por las solicitudes HTTP/2 podría provocar una confusión de solicitudes y/o respuestas entre usuarios. Este problema afecta a Apache Tomcat: desde 11.0.0-M23 hasta 11.0.0-M26, desde 10.1.27 hasta 10.1.30, desde 9.0.92 hasta 9.0.95. • https://lists.apache.org/thread/ty376mrxy1mmxtw3ogo53nc9l3co3dfs • CWE-326: Inadequate Encryption Strength •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-52316 – Apache Tomcat: Authentication bypass when using Jakarta Authentication API
https://notcve.org/view.php?id=CVE-2024-52316
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue. Vulnerabilidad de condición de error no comprobada en Apache Tomcat. Si Tomcat está configurado para utilizar un componente ServerAuthContext de autenticación de Jakarta (anteriormente JASPIC) personalizado que puede generar una excepción durante el proceso de autenticación sin establecer explícitamente un estado HTTP para indicar un error, la autenticación puede no fallar, lo que permite al usuario omitir el proceso de autenticación. • https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928 • CWE-391: Unchecked Error Condition •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41151 – Apache HertzBeat: RCE by notice template injection vulnerability
https://notcve.org/view.php?id=CVE-2024-41151
Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue. • https://lists.apache.org/thread/oor9nw6nh2ojnfw8d8oxrv40cbtk5mwj https://lists.apache.org/thread/p33tg0vo5nh6kscth4262ktsqo3h5lqo • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45791 – Apache HertzBeat: Exposure sensitive token via http GET method with query string
https://notcve.org/view.php?id=CVE-2024-45791
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue. • https://lists.apache.org/thread/jmbsfjsvrfnvosh1ftrm3ry4j3sb7doz https://lists.apache.org/thread/lvsczrp8kdynppmzyxtkh4ord4gpw1ph • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •