Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-P72W-R6FV-6G5H
HistorySep 17, 2024 - 9:30 p.m.

druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability

2024-09-1721:30:32
Google
osv.dev
3
apache druid
padding oracle
vulnerability
upgrade

AI Score

6.5

Confidence

High

JSON

Padding Oracle vulnerability in Apache Druid extension, druid-pac4j.
This could allow an attacker to manipulate a pac4j session cookie.

This issue affects Apache Druid versions 0.18.0 through 30.0.0.
Since the druid-pac4j extension is optional and disabled by default, Druid installations not using the druid-pac4j extension are not affected by this vulnerability.

While we are not aware of a way to meaningfully exploit this flaw, we nevertheless recommend upgrading to version 30.0.1 or higher which fixes the issue and ensuring you have a strong druid.auth.pac4j.cookiePassphrase as a precaution.

Related

vulnrichment 1
osv 1
wolfi 1
github 1
cve 1
nvd 1
cvelist 1
vulnrichment
vulnrichment
CVE-2024-45384 Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack
2024-09-17 18:36:00
osv
osv
CGA-224v-8qf6-rm3p
2024-09-25 05:07:11
wolfi
wolfi
CVE-2024-45384 vulnerabilities
2024-09-30 09:32:54
github
github
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability
2024-09-17 21:30:32
cve
cve
CVE-2024-45384
2024-09-17 19:15:28
nvd
nvd
CVE-2024-45384
2024-09-17 19:15:28
cvelist
cvelist
CVE-2024-45384 Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack
2024-09-17 18:36:00

AI Score

6.5

Confidence

High

JSON
Related for OSV:GHSA-P72W-R6FV-6G5H
vulnrichment1osv1wolfi1github1cve1nvd1cvelist1