CVE-2015-3188 – org.apache.storm:storm
Package
Manager: maven
Name: org.apache.storm:storm
Vulnerable Version: =0.10.0-beta || >=0.10.0-beta <0.10.0-beta1
Severity
Level: Critical
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS: 0.1242 (percentile 0.93658)
Details
Apache Storm remote code execution vulnerability
The UI daemon in Apache Storm 0.10.0-beta allows remote users to run arbitrary code as the user running the web server. With Kerberos authentication this could allow impersonation of arbitrary users on other systems, including HDFS and HBase.
Metadata
Created: 2022-05-14T02:48:54Z
Modified: 2023-08-02T21:01:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cg5h-q983-4rww/GHSA-cg5h-q983-4rww.json
CWE IDs: []
Alternative ID: GHSA-cg5h-q983-4rww
Finding: F422
Auto approve: 1