Code injection

2018-07-1017:29:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.9%

JSON

In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.

CPENameOperatorVersion
stormge1.2.0
stormle1.2.1
stormgt1.1.0
stormle1.1.2
stormge1.0.0
stormle1.0.6
stormgt0.10.0
stormle0.10.2

Name	Operator	Version
storm	ge	1.2.0
storm	le	1.2.1
storm	gt	1.1.0
storm	le	1.1.2
storm	ge	1.0.0
storm	le	1.0.6
storm	gt	0.10.0
storm	le	0.10.2

References

storm.apache.org/2018/06/04/storm113-released.html

storm.apache.org/2018/06/04/storm122-released.html

www.openwall.com/lists/oss-security/2018/07/10/4

www.securityfocus.com/bid/104732

www.securitytracker.com/id/1041273