CVE-2017-9799 in Storminfo

Zusammenfassung

von MITRE

It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

21.06.2017

Veröffentlichung

09.08.2017

Moderieren

akzeptiert

Eintrag

VDB-105202

CPE

bereit

CWE

CWE-255 (bestätigt)

CVSS

8.8 (NVD)

EPSS

0.01032

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-9799
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-9799
CVE Details	https://www.cvedetails.com/cve/CVE-2017-9799/

◂ Zurück Übersicht Weiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!