CVE-2018-1331
published 2018-07-10CVE-2018-1331: In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in…
high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | storm | <= 0.10.2 | — |
| apache | storm | <= 1.1.2 | — |
| apache | storm | 1.0.0 – 1.0.6 | — |
| apache | storm | 1.2.0 – 1.2.1 | — |
| apache_software_foundation | apache_storm | — | — |
| apache_software_foundation | apache_storm | — | — |
| apache_software_foundation | apache_storm | — | — |
| apache_software_foundation | apache_storm | — | — |