** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils.

If the user doesn't explicitly set `submarine.auth.default.secret`, a default value will be used.


This issue affects Apache Submarine Commons Utils: from 0.8.0.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Tue, 15 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-798 NVD-CWE-Other

Mon, 14 Oct 2024 09:30:00 +0000

Type Values Removed Values Added
References

Mon, 14 Oct 2024 09:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 14 Oct 2024 09:00:00 +0000

Type Values Removed Values Added
Description ** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. ** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. If the user doesn't explicitly set `submarine.auth.default.secret`, a default value will be used. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Thu, 26 Sep 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache submarine
Weaknesses CWE-798
CPEs cpe:2.3:a:apache:submarine:*:*:*:*:*:*:*:*
Vendors & Products Apache
Apache submarine
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-03-20T19:07:12.124Z

Reserved: 2024-05-22T10:11:02.734Z

Link: CVE-2024-36264

cve-icon Vulnrichment

Updated: 2024-08-02T03:37:04.764Z

cve-icon NVD

Status : Modified

Published: 2024-06-12T14:15:11.983

Modified: 2025-03-20T19:15:29.423

Link: CVE-2024-36264

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.