CVE-2017-9799 in Storm정보

요약

\~에 의해 MITRE

It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

예약하다

2017. 06. 21.

공개

2017. 08. 09.

모더레이션

수락

항목

VDB-105202

CPE

준비됨

CWE

CWE-255 (확인됨)

CVSS

8.8 (NVD)

EPSS

0.01032

KEV

아니요

활동

매우 낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-9799
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-9799
CVE Details	https://www.cvedetails.com/cve/CVE-2017-9799/

◂ 이전 개요 다음 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!