Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2017-9799

UNKNOWN
Published 2017-08-09T21:00:00Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-9799. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Storm

Affected Versions:

1.0.0 through 1.0.3 1.1.0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Apache Storm it is possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user

GHSA-x825-rjww-2245

Advisory Details

It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised.

Affected Packages

Maven org.apache.storm:storm-core
ECOSYSTEM: ≥1.1.0 <1.1.1
Maven org.apache.storm:storm-core
ECOSYSTEM: ≥1.0.0 <1.0.4

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-9799
ADVISORY https://github.com/advisories/GHSA-x825-rjww-2245
WEB https://lists.apache.org/thread.html/b9125bf507ed6f2ca6e85ba1a4b44e232aa70eeddfba2a9d8a954127@%3Cdev.storm.apache.org%3E
WEB http://www.securityfocus.com/bid/100235
WEB http://www.securitytracker.com/id/1039116

Advisory provided by GitHub Security Advisory Database. Published: October 17, 2018, Modified: April 27, 2022

References

https://lists.apache.org/thread.html/b9125bf507ed6f2ca6e85ba1a4b44e232aa70eeddfba2a9d8a954127%40%3Cdev.storm.apache.org%3E
http://www.securityfocus.com/bid/100235
http://www.securitytracker.com/id/1039116
Published: 2017-08-09T21:00:00Z
Last Modified: 2024-09-17T02:06:16.001Z
Copied to clipboard!