CVE-2018-1332 - OpenCVE

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Storm

Configuration 1 [-]

cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/104399
https://lists.apache.org/thread.html/50f1d6a7af27f49d2e498a9ab2975685302cd8ca47000b7c38f339a4%40%3Cdev.storm.apache.org%3E

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2018-06-05T19:00:00Z

Updated: 2024-09-16T16:23:01.430Z

Reserved: 2017-12-07T00:00:00

Link: CVE-2018-1332

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-06-05T19:29:00.217

Modified: 2023-11-07T02:55:58.870

Link: CVE-2018-1332

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Apache Storm", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "Apache Storm 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier"}]}], "datePublic": "2018-06-05T00:00:00", "descriptions": [{"lang": "en", "value": "Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons."}], "problemTypes": [{"descriptions": [{"description": "User Impersonation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-07T09:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://lists.apache.org/thread.html/50f1d6a7af27f49d2e498a9ab2975685302cd8ca47000b7c38f339a4%40%3Cdev.storm.apache.org%3E"}, {"name": "104399", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104399"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-06-05T00:00:00", "ID": "CVE-2018-1332", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Storm", "version": {"version_data": [{"version_value": "Apache Storm 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "User Impersonation"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread.html/50f1d6a7af27f49d2e498a9ab2975685302cd8ca47000b7c38f339a4@%3Cdev.storm.apache.org%3E", "refsource": "CONFIRM", "url": "https://lists.apache.org/thread.html/50f1d6a7af27f49d2e498a9ab2975685302cd8ca47000b7c38f339a4@%3Cdev.storm.apache.org%3E"}, {"name": "104399", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104399"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:59:38.537Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://lists.apache.org/thread.html/50f1d6a7af27f49d2e498a9ab2975685302cd8ca47000b7c38f339a4%40%3Cdev.storm.apache.org%3E"}, {"name": "104399", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104399"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-1332", "datePublished": "2018-06-05T19:00:00Z", "dateReserved": "2017-12-07T00:00:00", "dateUpdated": "2024-09-16T16:23:01.430Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*", "matchCriteriaId": "265E8751-BB87-4F1F-8271-D35DB199C986", "versionEndIncluding": "1.0.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*", "matchCriteriaId": "540EA459-08DF-43BF-B9BD-866B00B977FA", "versionEndIncluding": "1.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF46C169-8C83-4DA2-AFDC-B41D5B5F5139", "versionEndIncluding": "1.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons."}, {"lang": "es", "value": "Apache Storm en versiones 1.0.6 y anteriores, 1.2.1 y anteriores y versiones 1.1.2 y anteriores expone una vulnerabilidad que podr\u00eda permitir que un usuario suplante a otro al comunicarse con algunos demonios Storm."}], "id": "CVE-2018-1332", "lastModified": "2023-11-07T02:55:58.870", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-05T19:29:00.217", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104399"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/50f1d6a7af27f49d2e498a9ab2975685302cd8ca47000b7c38f339a4%40%3Cdev.storm.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}