CVE-2018-1331
HIGH 8.8, EPSS 5.1%
Code execution in org.apache.storm:storm-core
Published: 10/17/2018
Modified: 12/1/2024
Description
In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.
Affected packages (1)
- Maven/org.apache.storm:storm-core >= 1.2.0, < 1.2.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (7)
- ADVISORY https://github.com/advisories/GHSA-p8jx-x2vw-wm33
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-1331
- WEB http://storm.apache.org/2018/06/04/storm113-released.html
- WEB http://storm.apache.org/2018/06/04/storm122-released.html
- WEB http://www.openwall.com/lists/oss-security/2018/07/10/4
- WEB http://www.securityfocus.com/bid/104732
- WEB http://www.securitytracker.com/id/1041273