CVE-2017-9799 is a vulnerability in Apache Storm
Published on August 9, 2017

It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised.

NVD

Products Associated with CVE-2017-9799

Want to know whenever a new CVE is published for Apache Storm? stack.watch will email you.

Apache Storm

Affected Versions

Apache Software Foundation Apache Storm:

Version 1.0.0 through 1.0.3 is affected.
Version 1.1.0 is affected.

Exploit Probability

EPSS

0.89%

Percentile

75.20%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2017-9799 is a vulnerability in Apache StormPublished on August 9, 2017

Products Associated with CVE-2017-9799

Affected Versions

Exploit Probability

CVE-2017-9799 is a vulnerability in Apache Storm
Published on August 9, 2017