CVE-2018-1331

4 documents4 sources

Severity

8.8HIGH

EPSS

5.1%

top 10.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Storm Apache Software Foundation Apache Storm

Timeline

PublishedJul 10

Latest updateOct 17

Description

In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶Mavenorg.apache.storm:storm-core1.2.0 — 1.2.2+1

▶NVDapache/storm1.0.0 — 1.0.6+3

▶CVEListV5apache_software_foundation/apache_storm4 versions+3

🔴Vulnerability Details

OSV

Code execution in org.apache.storm:storm-core↗2018-10-17

▶

GHSA

Code execution in org.apache.storm:storm-core↗2018-10-17

▶

CVEList

CVE-2018-1331: In Apache Storm 0↗2018-07-10

▶