High severity · NVD Advisory · Published Jul 25, 2019 · Updated Aug 4, 2024
CVE-2019-0202
Description
The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.storm:storm-core (Maven) | >= 0.9.1-incubating, < 1.2.3 | 1.2.3 |
References
- github.com/advisories/GHSA-r9pv-hg64-jqrp (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2019-0202 (GHSA, advisory)
- lists.apache.org/thread.html/220f1a77ff20749326a4c130446c5521db854da0afe81d1974b8109f%40%3Cuser.storm.apache.org%3E (MITRE, mailing list)
- lists.apache.org/thread.html/220f1a77ff20749326a4c130446c5521db854da0afe81d1974b8109f@%3Cuser.storm.apache.org%3E (GHSA, web)