CVE-2022-34916 in Flumeinfo

Summary

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

07/04/2022

Disclosure

08/21/2022

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
206876	Apache Flume JMS Source injection	74	Not defined	Official fix	CVE-2022-34916

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!