admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2024/45xxx/CVE-2024-45106.json
CVE Team 9bc2ce849a
"-Synchronized-Data."
2024-12-03 10:00:30 +00:00

83 lines
2.7 KiB
JSON
Raw Blame History

{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-45106",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if:\n * ozone.s3g.secret.http.enabled is set to true. The default value of this configuration is false.\n * The user configured in ozone.s3g.kerberos.principal is also configured in ozone.s3.administrators or ozone.administrators.\n\n\nUsers are recommended to upgrade to Apache Ozone version 1.4.1 which disables the affected endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Ozone",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/rylnxwttp004kvotpk9j158vb238pfkm",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/rylnxwttp004kvotpk9j158vb238pfkm"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"HDDS-9203"
],
"discovery": "INTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Ethan Rose"
},
{
"lang": "en",
"value": "Ivan Zlenko"
}
]
}
Reference in New Issue View Git Blame Copy Permalink