oss-sec mailing list archives
CVE-2024-27349: Apache HugeGraph-Server: Bypass whitelist in Auth mode
From: Imba Jin <jin () apache org>
Date: Mon, 22 Apr 2024 15:42:13 +0800
Severity: critical Affected versions: - Apache HugeGraph-Server 1.0.0 before 1.3.0 Description: Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue. (Also you could enable the "Whitelist-IP/port" function to improve the security of RESTful-API execution) Credit: 6right of moresec (reporter) References: https://hugegraph.apache.org/docs/download/download/ https://hugegraph.apache.org/docs/guides/security/ https://www.cve.org/CVERecord?id=CVE-2024-27349
Current thread:
- CVE-2024-27349: Apache HugeGraph-Server: Bypass whitelist in Auth mode Imba Jin (Apr 22)