CVE Vulnerabilities

CVE-2018-1331

Published: Jul 10, 2018 | Modified: Nov 21, 2024
CVSS 3.x: 8.8 HIGH
Source: NVD
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 6.5 MEDIUM
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.

Affected Software

Name    Vendor    Start Version         End Version
Storm   Apache    0.10.0 (excluding)    0.10.2 (including)
Storm   Apache    1.0.0 (including)     1.0.6 (including)
Storm   Apache    1.1.0 (excluding)     1.1.2 (including)
Storm   Apache    1.2.0 (including)     1.2.1 (including)
