⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2021-36749: Sensitive Information Exposure in Apache Druid

Severity: 6.5 MEDIUM (NVD)
EPSS: 93.8% (top 0.13%)
CISA KEV: Not in KEV
Exploit: Exploited in the wild (active exploitation observed)
Timeline: Published Sep 24, 2021; latest update Sep 27, 2021

Description

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid ind
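The core of the issue above is that a URI handed to the HTTP InputSource is not restricted to the http/https schemes, so an application that exposes only the HTTP InputSource to its users can be bypassed with a file URI. The following is an added example, not Druid's own code: a small audit that walks a Druid native batch ingestion spec, finds every `inputSource` of type `http`, and flags any URI whose scheme is not on an allowlist. The `ioConfig.inputSource.type` / `uris` layout follows Druid's native batch spec; the sample spec, the `audit_http_input_sources` function and the `$.`-style paths in the findings are constructed for this example.

```python
"""
Added example (not Druid's own code): audit a Druid native batch ingestion
spec for HTTP inputSource entries whose URIs use a scheme other than
http/https. The spec layout (ioConfig.inputSource.type / .uris) follows
Druid's native batch ingestion spec; SAMPLE_SPEC is constructed here.
"""
import json
from urllib.parse import urlsplit

# Schemes a wrapper application should accept for an inputSource of type "http".
ALLOWED_SCHEMES = {"http", "https"}


def _iter_input_sources(node, path="$"):
    """Yield (json_path, inputSource dict) for every inputSource in the spec,
    including nested ones (e.g. delegates of a combining input source)."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "inputSource" and isinstance(value, dict):
                yield child, value
            yield from _iter_input_sources(value, child)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _iter_input_sources(value, f"{path}[{i}]")


def audit_http_input_sources(spec, allowed=ALLOWED_SCHEMES):
    """Return a list of (json_path, uri, reason) for every URI of an
    HTTP inputSource whose scheme is missing or not in `allowed`.
    An empty list means the spec only references http/https URIs."""
    findings = []
    for path, src in _iter_input_sources(spec):
        if src.get("type") != "http":
            continue
        uris = src.get("uris", [])
        if isinstance(uris, str):          # tolerate a single string instead of a list
            uris = [uris]
        for uri in uris:
            if not isinstance(uri, str):
                findings.append((path, repr(uri), "non-string uri"))
                continue
            # urlsplit lowercases the scheme, so "FILE:" and "file:" are treated alike;
            # strip() removes surrounding whitespace that could hide the scheme from
            # a naive prefix check.
            scheme = urlsplit(uri.strip()).scheme.lower()
            if scheme == "":
                findings.append((path, uri, "missing scheme"))
            elif scheme not in allowed:
                findings.append((path, uri, f"scheme '{scheme}' not in {sorted(allowed)}"))
    return findings


# Constructed sample: a legitimate https URI next to a file URI that would be
# read with the privileges of the Druid server process on an unpatched install.
SAMPLE_SPEC = json.loads("""
{
  "type": "index_parallel",
  "spec": {
    "ioConfig": {
      "type": "index_parallel",
      "inputSource": {
        "type": "http",
        "uris": ["https://example.org/data/events.json", "file:///etc/passwd"]
      },
      "inputFormat": {"type": "json"}
    },
    "dataSchema": {"dataSource": "events"},
    "tuningConfig": {"type": "index_parallel"}
  }
}
""")

if __name__ == "__main__":
    for json_path, uri, reason in audit_http_input_sources(SAMPLE_SPEC):
        print(f"{json_path}: {uri} -> {reason}")
```

Run the check wherever an application accepts a spec from a user and forwards it to Druid, and on specs recovered from task logs when hunting for past abuse. It is a compensating control only: on Druid versions before 0.22.0 the server side still accepts the file URI, so the upgrade is the actual fix, and a wrapper that blocks the Local InputSource must also reject non-http(s) URIs in the HTTP InputSource for the restriction to mean anything.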

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2)

NVD: apache/druid < 0.22.0
CVEListV5: apache_software_foundation/apache_druid 0.21.1 and earlier

🔴 Vulnerability Details (4)

GHSA (2021-09-27): Druid ingestion system: authenticated users can read data from other sources than intended
OSV (2021-09-27): Druid ingestion system: authenticated users can read data from other sources than intended
CVEList (2021-09-24): Apache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended (incomplete fix of CVE-2021-26920)
VulnCheck (2021): Apache Druid incorrect authorization

💥 Exploits & PoCs (1)

Nuclei: Apache Druid - Local File Inclusion

📋 Vendor Advisories (1)

Red Hat (2021-09-23): druid: HTTP InputSource allows authenticated users to read data from other sources (incomplete fix of CVE-2021-26920)
CVE-2021-36749 — Sensitive Information Exposure | cvebase