CVE-2019-0202
published 2019-07-26CVE-2019-0202: The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating…
high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | storm | — | — |
| apache | storm | — | — |
| apache | storm | — | — |
| apache | storm | 0.9.3 – 1.2.2 | — |