OpenCVE

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Submarine

Configuration 1 [-]

cpe:2.3:a:apache:submarine:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/06/12/3
https://lists.apache.org/thread/prckhhst19qxof064hsm8cccxtofvflz

History

Thu, 26 Sep 2024 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apache Apache submarine
CPEs		cpe:2.3:a:apache:submarine::::::::
Vendors & Products		Apache Apache submarine
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-06-12T14:12:11.078Z

Updated: 2024-08-02T03:37:05.183Z

Reserved: 2024-05-22T10:11:18.013Z

Link: CVE-2024-36265

Vulnrichment

Updated: 2024-08-02T03:37:05.183Z

NVD

Status : Modified

Published: 2024-06-12T15:15:52.247

Modified: 2024-11-21T09:21:57.503

Link: CVE-2024-36265

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-36265", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2024-05-22T10:11:18.013Z", "datePublished": "2024-06-12T14:12:11.078Z", "dateUpdated": "2024-08-02T03:37:05.183Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected", "packageName": "org.apache.submarine:submarine-server-core", "product": "Apache Submarine Server Core", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "*", "status": "affected", "version": "0.8.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "L0ne1y"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core.</p><p>This issue affects Apache Submarine Server Core: from 0.8.0.</p><p>As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.</p><p>NOTE: This vulnerability only affects products that are no longer supported by the maintainer.</p>"}], "value": "** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core.\n\nThis issue affects Apache Submarine Server Core: from 0.8.0.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n"}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-06-12T14:12:11.078Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/prckhhst19qxof064hsm8cccxtofvflz"}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/12/3"}], "source": {"discovery": "UNKNOWN"}, "tags": ["unsupported-when-assigned"], "title": "Apache Submarine Server Core: authorization bypass", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-13T20:06:55.546776Z", "id": "CVE-2024-36265", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T20:07:05.232Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:05.183Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/prckhhst19qxof064hsm8cccxtofvflz"}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/12/3", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/prckhhst19qxof064hsm8cccxtofvflz", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/12/3", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:05.183Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36265", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-13T20:06:55.546776Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T20:07:01.345Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "Apache Submarine Server Core: authorization bypass", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "L0ne1y"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "important"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Submarine Server Core", "versions": [{"status": "affected", "version": "0.8.0", "versionType": "semver", "lessThanOrEqual": "*"}], "packageName": "org.apache.submarine:submarine-server-core", "collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/prckhhst19qxof064hsm8cccxtofvflz", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/12/3"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core.\n\nThis issue affects Apache Submarine Server Core: from 0.8.0.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core.</p><p>This issue affects Apache Submarine Server Core: from 0.8.0.</p><p>As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.</p><p>NOTE: This vulnerability only affects products that are no longer supported by the maintainer.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-06-12T14:12:11.078Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36265", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:37:05.183Z", "dateReserved": "2024-05-22T10:11:18.013Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2024-06-12T14:12:11.078Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:submarine:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5154192-85CB-40A8-8F77-800808F72505", "versionStartIncluding": "0.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "security@apache.org", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core.\n\nThis issue affects Apache Submarine Server Core: from 0.8.0.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n"}, {"lang": "es", "value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Vulnerabilidad de autorizaci\u00f3n incorrecta en Apache Submarine Server Core. Este problema afecta a Apache Submarine Server Core: desde 0.8.0. Como este proyecto est\u00e1 retirado, no planeamos lanzar una versi\u00f3n que solucione este problema. Se recomienda a los usuarios que busquen una alternativa o restrinjan el acceso a la instancia a usuarios confiables. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."}], "id": "CVE-2024-36265", "lastModified": "2024-11-21T09:21:57.503", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-12T15:15:52.247", "references": [{"source": "security@apache.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/06/12/3"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/prckhhst19qxof064hsm8cccxtofvflz"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/06/12/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/prckhhst19qxof064hsm8cccxtofvflz"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security@apache.org", "type": "Secondary"}]}