CVE-2020-1958Injection in Apache Druid

CWE-74InjectionCWE-732Incorrect Permission AssignmentCWE-200Sensitive Information Exposure5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
15.6%
top 5.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache DruidApache Druid
Timeline
PublishedApr 1
Latest updateFeb 9

Description

When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based authorization checks, if configured. Callers of Druid APIs can also retrieve any LDAP attribute values of users that exist on the LDAP server, so long as that information is visible to the Druid server. Thi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDapache/druid0.17.0
CVEListV5apache/apache_druid0.17.0

🔴Vulnerability Details

3
OSV
Credentials bypass in Apache Druid2022-02-09
GHSA
Credentials bypass in Apache Druid2022-02-09
CVEList
CVE-2020-1958: When LDAP authentication is enabled in Apache Druid 02020-04-01

📋Vendor Advisories

1
Red Hat
druid: Bypass of the credentialsValidator.userSearch filter in Druid API2020-04-01
CVE-2020-1958 — Injection in Apache Druid | cvebase