CVE-2024-27347 - Vulnerability Details - OpenCVE

Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0.

Users are recommended to upgrade to version 1.3.0, which fixes the issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00355.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apache	Hugegraph-hubble

Configuration 1 [-]

cpe:2.3:a:apache:hugegraph-hubble:*:*:*:*:*:*:*:*

No data.

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/04/22/2
https://lists.apache.org/thread/z0v71148slfkw60hsp35pl7ddjyvg01l

History

Mon, 30 Jun 2025 14:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:apache:hugegraph-hubble::::::::

Thu, 13 Feb 2025 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apache Apache hugegraph-hubble
CPEs		cpe:2.3:a:apache:hugegraph-hubble:1.0.0:::::::*
Vendors & Products		Apache Apache hugegraph-hubble
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 13 Feb 2025 18:00:00 +0000

Type	Values Removed	Values Added
Description	Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.	Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-04-22T14:07:37.300Z

Updated: 2025-02-13T17:46:27.622Z

Reserved: 2024-02-24T10:42:06.100Z

Link: CVE-2024-27347

Vulnrichment

Updated: 2024-08-02T00:34:52.209Z

NVD

Status : Analyzed

Published: 2024-04-22T14:15:07.310

Modified: 2025-06-30T13:41:39.080

Link: CVE-2024-27347

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27347", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2024-02-24T10:42:06.100Z", "datePublished": "2024-04-22T14:07:37.300Z", "dateUpdated": "2025-02-13T17:46:27.622Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected", "packageName": "org.apache.hugegraph:hubble-be", "product": "Apache HugeGraph-Hubble", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "1.3.0", "status": "affected", "version": "1.0.0", "versionType": "maven"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "6right of moresec"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.<p>This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0.</p><p>Users are recommended to upgrade to version 1.3.0, which fixes the issue.</p>"}], "value": "Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0.\n\nUsers are recommended to upgrade to version 1.3.0, which fixes the issue."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-05-01T17:11:08.056Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/z0v71148slfkw60hsp35pl7ddjyvg01l"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/22/2"}], "source": {"discovery": "EXTERNAL"}, "title": "Apache HugeGraph-Hubble: SSRF in Hubble connection page", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-27347", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-22T21:11:52.173654Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:apache:hugegraph-hubble:1.0.0:*:*:*:*:*:*:*"], "vendor": "apache", "product": "hugegraph-hubble", "versions": [{"status": "affected", "version": "1.0.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:46:33.643Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.209Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/z0v71148slfkw60hsp35pl7ddjyvg01l"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/22/2", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/z0v71148slfkw60hsp35pl7ddjyvg01l", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/22/2", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.209Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-27347", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-22T21:11:52.173654Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:apache:hugegraph-hubble:1.0.0:*:*:*:*:*:*:*"], "vendor": "apache", "product": "hugegraph-hubble", "versions": [{"status": "affected", "version": "1.0.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-22T17:18:56.424Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Apache HugeGraph-Hubble: SSRF in Hubble connection page", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "6right of moresec"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "moderate"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache HugeGraph-Hubble", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.3.0", "versionType": "maven"}], "packageName": "org.apache.hugegraph:hubble-be", "collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/z0v71148slfkw60hsp35pl7ddjyvg01l", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/22/2"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0.\n\nUsers are recommended to upgrade to version 1.3.0, which fixes the issue.", "supportingMedia": [{"type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.<p>This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0.</p><p>Users are recommended to upgrade to version 1.3.0, which fixes the issue.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-05-01T17:11:08.056Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27347", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:46:27.622Z", "dateReserved": "2024-02-24T10:42:06.100Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2024-04-22T14:07:37.300Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:hugegraph-hubble:*:*:*:*:*:*:*:*", "matchCriteriaId": "0963B7A4-5951-4445-AAE2-B350D1FD9898", "versionEndExcluding": "1.3.0", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0.\n\nUsers are recommended to upgrade to version 1.3.0, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Apache HugeGraph-Hubble. Este problema afecta a Apache HugeGraph-Hubble: desde 1.0.0 antes de 1.3.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.3.0, que soluciona el problema."}], "id": "CVE-2024-27347", "lastModified": "2025-06-30T13:41:39.080", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-22T14:15:07.310", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/04/22/2"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/z0v71148slfkw60hsp35pl7ddjyvg01l"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/04/22/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/z0v71148slfkw60hsp35pl7ddjyvg01l"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@apache.org", "type": "Secondary"}]}