CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-36264

** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. If the user doesn't explicitly set `submarine.auth.default.secret`, a default value will be used. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.2%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/apache/submarine/pull/1125
https://lists.apache.org/thread/7mo0c7vbhpo8thvybl8wwvb0bccrg7r4
http://www.openwall.com/lists/oss-security/2024/06/12/2
https://github.com/apache/submarine/pull/1125
https://lists.apache.org/thread/7mo0c7vbhpo8thvybl8wwvb0bccrg7r4

Products affected by CVE-2024-36264

Apache » Submarine » Version: 0.8.0

cpe:2.3:a:apache:submarine:0.8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-36264

Products

Pricing

Contact Us