Apache Druid 漏洞

时间轴

版本

0.22.04
0.22.14
0.20.02
0.20.12
0.17.02

修正

Official Fix4
Temporary Fix0
Workaround0
Unavailable0
Not Defined4

易受攻击性

High0
Functional0
Proof-of-Concept0
Unproven0
Not Defined8

访问向量

Not Defined0
Physical0
Local0
Adjacent2
Network6

身份验证

Not Defined0
High0
Low6
None2

用户交互

Not Defined0
Required4
None4

C3BM Index

CVSSv3 Base

≤10
≤20
≤30
≤40
≤52
≤62
≤72
≤82
≤90
≤100

CVSSv3 Temp

≤10
≤20
≤30
≤40
≤52
≤62
≤74
≤80
≤90
≤100

VulDB

≤10
≤20
≤30
≤42
≤50
≤62
≤74
≤80
≤90
≤100

NVD

≤10
≤20
≤30
≤40
≤52
≤60
≤74
≤80
≤92
≤100

CNA

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

供应商

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

零日攻击

<1k0
<2k0
<5k2
<10k0
<25k6
<50k0
<100k0
≥100k0

本日攻击

<1k2
<2k0
<5k4
<10k2
<25k0
<50k0
<100k0
≥100k0

攻击市场容量

🔴 CTI 活动

Affected Versions (25): 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9, 0.10, 0.11, 0.12, 0.13, 0.14, 0.15, 0.16, 0.17, 0.18, 0.19, 0.20, 0.20.1, 0.21, 0.21.1, 0.22, 0.22.1

Link to Product Website: https://www.apache.org/

已发布BaseTemp漏洞0day今天修正CTICVE
2022-07-074.84.8Apache Druid URL Parameter 跨网站脚本$0-$5k$5k-$25kNot DefinedNot Defined0.00CVE-2021-44791
2022-07-075.35.2Apache Druid Header 权限升级$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2022-28889
2021-09-245.45.3Apache Druid HTTP InputSource 信息公开$5k-$25k$0-$5kNot DefinedOfficial Fix0.02CVE-2021-36749
2021-07-024.34.1Apache Druid inputSource 信息公开$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-26920
2021-03-307.16.8Apache Druid JDBC 权限升级$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2021-26919
2021-01-306.16.1Apache Druid 跨网站脚本$0-$5k$5k-$25kNot DefinedOfficial Fix0.02CVE-2021-25646
2020-04-016.46.4Apache Druid LDAP Authentication 信息公开$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2020-1958

更多条目由 Apache

上一步一览下一步

Interested in the pricing of exploits?

See the underground prices here!