GHSA-cg5h-q983-4rww
Suggest an improvement- Source
- https://github.com/advisories/GHSA-cg5h-q983-4rww
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cg5h-q983-4rww/GHSA-cg5h-q983-4rww.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-cg5h-q983-4rww
- Aliases
-
- CVE-2015-3188
- Published
- 2022-05-14T02:48:54Z
- Modified
- 2023-11-08T03:57:53.027604Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Apache Storm remote code execution vulnerability
- Details
-
The UI daemon in Apache Storm 0.10.0-beta allows remote users to run arbitrary code as the user running the web server. With kerberos authentication this could allow impersonation of arbitrary users on other systems, including HDFS and HBase.
- Database specific
{ "nvd_published_at": "2017-01-13T15:59:00Z", "cwe_ids": [], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2023-08-02T21:01:26Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-3188
- https://github.com/apache/storm/blob/v0.10.0-beta1/SECURITY.md
- https://github.com/apache/storm/blob/v0.10.0-beta1/STORM-UI-REST-API.md
- https://web.archive.org/web/20151014213052/http://www.securitytracker.com/id/1032695
- https://web.archive.org/web/20171202122914/http://www.securityfocus.com/archive/1/535804/100/0/threaded
- http://packetstormsecurity.com/files/132417/Apache-Storm-0.10.0-beta-Code-Execution.html
Affected packages
Maven / org.apache.storm:storm
Package
- Name
- org.apache.storm:storm
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.storm/storm