ID |
CVE-2024-45384
|
Sažetak |
Padding Oracle vulnerability in Apache Druid extension, druid-pac4j.
This could allow an attacker to manipulate a pac4j session cookie.
This issue affects Apache Druid versions 0.18.0 through 30.0.0.
Since the druid-pac4j extension is optional and disabled by default, Druid installations not using the druid-pac4j extension are not affected by this vulnerability.
While we are not aware of a way to meaningfully exploit this flaw, we
nevertheless recommend upgrading to version 30.0.1 or higher which fixes the issue
and ensuring you have a strong
druid.auth.pac4j.cookiePassphrase as a precaution. |
Reference |
|
CVSS |
Base: | 0.0 |
Impact: | None |
Exploitability: | None |
|
Pristup |
Vektor | Složenost | Autentikacija |
None |
None |
None |
|
Impact |
Povjerljivost | Cjelovitost | Dostupnost |
None |
None |
None |
|
CVSS vektor |
None |
Zadnje važnije ažuriranje |
20-09-2024 - 12:30 |
Objavljeno |
17-09-2024 - 19:15 |