'[oss-security] CVE-2024-27349: Apache HugeGraph-Server: Bypass whitelist in Auth mode'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2024-27349: Apache HugeGraph-Server: Bypass whitelist in Auth mode
From:       Imba Jin <jin () apache ! org>
Date:       2024-04-22 7:42:13
Message-ID: CA+th4MKQcZ593FOArcC99mtw8ZzQ66ix03a_-KBLYFkQ+ph+mA () mail ! gmail ! com
[Download RAW message or body]

Severity: critical

Affected versions:

- Apache HugeGraph-Server 1.0.0 before 1.3.0

Description:

Authentication Bypass by Spoofing vulnerability in Apache
HugeGraph-Server.This issue affects Apache HugeGraph-Server: from
1.0.0 before 1.3.0.

Users are recommended to upgrade to version 1.3.0, which fixes the issue.

(Also you could enable the "Whitelist-IP/port" function to improve the
security of RESTful-API execution)

Credit:

6right of moresec (reporter)

References:
https://hugegraph.apache.org/docs/download/download/
https://hugegraph.apache.org/docs/guides/security/
https://www.cve.org/CVERecord?id=CVE-2024-27349
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic