CVE-2024-27348 is a vulnerability in Apache Hugegraph
Published on April 22, 2024
RCE (Remote Command Execution) vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server from version 1.0.0 before 1.3.0, running on Java 8 and Java 11. Users are recommended to upgrade to version 1.3.0 with Java 11 and enable the Auth system, which fixes the issue.
Known Exploited Vulnerability
This Apache HugeGraph-Server Improper Access Control Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Apache HugeGraph-Server contains an improper access control vulnerability that could allow a remote attacker to execute arbitrary code.
The following remediation steps are recommended / required by October 9, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2024-27348 is exploitable with network access and requires neither privileges nor user interaction. The attack complexity is considered low. It has the highest possible exploitability rating (3.9). The potential impact of an exploit is considered critical, as the vulnerability has a high impact on the confidentiality, integrity and availability of the affected component.
Products Associated with CVE-2024-27348
What versions of Hugegraph are vulnerable to CVE-2024-27348?
- Apache HugeGraph: affected from version 1.0.0, fixed in version 1.3.0