Lucene search
China National Vulnerability DatabaseCNVD-2023-96663HistoryNov 27, 2023 - 12:00 a.m.
Apache Storm Information Disclosure Vulnerability (CNVD-2023-9666324)
2023-11-2700:00:00
China National Vulnerability Database
www.cnvd.org.cn
5
apache storm
information disclosure
vulnerability
temporary directory
shared
api
unspecified permissions
sensitive information
Apache Storm is the United States Apache (Apache) Foundation of a set of open source distributed real-time computing system developed using Clojure (concurrent programming language). Apache Storm suffers from an information disclosure vulnerability that stems from a temporary directory shared among all users, which can be exploited by an attacker to write to the directory using an API with unspecified permissions, leading to the disclosure of sensitive information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache apache storm >=2.0.0, | lt | 2.6.0 |
Related
osv
osv
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
2023-11-23 12:30:23
CVE-2023-43123
2023-11-23 10:15:07
prion
prion
Design/Logic Flaw
2023-11-23 10:15:00
cvelist
cvelist
github
github
veracode
veracode
Information Disclosure
2023-11-27 05:16:41
cve
cve
CVE-2023-43123
2023-11-23 10:15:07
nvd
nvd
CVE-2023-43123
2023-11-23 10:15:07