CVE-2024-27905

** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially this could be combined with vulnerabilities in other components to achieve remote code execution. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2024/02/27/3
https://lists.apache.org/thread/564kbv3wqdzkscmdn2bg4vlk48qymryp
http://www.openwall.com/lists/oss-security/2024/02/27/3
https://lists.apache.org/thread/564kbv3wqdzkscmdn2bg4vlk48qymryp

Configurations

No configuration.

History

21 Nov 2024, 09:05

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2024/02/27/3 -~~	() http://www.openwall.com/lists/oss-security/2024/02/27/3 -
References	~~() https://lists.apache.org/thread/564kbv3wqdzkscmdn2bg4vlk48qymryp -~~	() https://lists.apache.org/thread/564kbv3wqdzkscmdn2bg4vlk48qymryp -

01 Aug 2024, 13:48

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1

27 Feb 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-27 15:15

Updated : 2024-11-21 09:05

NVD link : CVE-2024-27905

Mitre link : CVE-2024-27905

CVE.ORG link : CVE-2024-27905

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-27905", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "security@apache.org"}], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2024-02-27T15:15:07.930", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/02/27/3", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/564kbv3wqdzkscmdn2bg4vlk48qymryp", "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/27/3", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread/564kbv3wqdzkscmdn2bg4vlk48qymryp", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora.\n\nAn endpoint exposing internals to unauthenticated users can be used as a \"padding oracle\" allowing an anonymous attacker to construct a valid authentication cookie. Potentially this could be combined with vulnerabilities in other components to achieve remote code execution.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n"}, {"lang": "es", "value": "** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Apache Aurora. Un endpoint que expone elementos internos a usuarios no autenticados se puede utilizar como un \"or\u00e1culo de relleno\" que permite a un atacante an\u00f3nimo construir una cookie de autenticaci\u00f3n v\u00e1lida. Potencialmente, esto podr\u00eda combinarse con vulnerabilidades en otros componentes para lograr la ejecuci\u00f3n remota de c\u00f3digo. Como este proyecto est\u00e1 retirado, no planeamos lanzar una versi\u00f3n que solucione este problema. Se recomienda a los usuarios que busquen una alternativa o restrinjan el acceso a la instancia a usuarios confiables. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante. "}], "lastModified": "2024-11-21T09:05:23.400", "sourceIdentifier": "security@apache.org"}