Executive Summary

Information
Name : CVE-2024-45106
Vendor : Cve
First vendor Publication : 2024-12-03
Last vendor Modification : 2024-12-03

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score : N/A
Attack Range : N/A
Cvss Impact Score : N/A
Attack Complexity : N/A
Cvss Exploit Score : N/A
Authentication : N/A

Detail

Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if:
* ozone.s3g.secret.http.enabled is set to true. The default value of this configuration is false.
* The user configured in ozone.s3g.kerberos.principal is also configured in ozone.s3.administrators or ozone.administrators.

Users are recommended to upgrade to Apache Ozone version 1.4.1 which disables the affected endpoint.
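
An added example (not from the advisory or the Apache Ozone project) that checks an ozone-site.xml for the two preconditions listed above. It assumes the Hadoop-style configuration/property/name/value layout, compares only the primary component of the Kerberos principal against the administrator lists, and treats a "*" entry as matching every user; the sample configuration and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Hadoop-style layout assumed for ozone-site.xml.
SAMPLE_SITE_XML = """<configuration>
  <property><name>ozone.s3g.secret.http.enabled</name><value>true</value></property>
  <property><name>ozone.s3g.kerberos.principal</name><value>s3g/_HOST@EXAMPLE.COM</value></property>
  <property><name>ozone.administrators</name><value>om, s3g</value></property>
</configuration>"""


def load_properties(xml_text):
    """Return {name: value} for every <property> element."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def short_name(principal):
    """Primary component of a Kerberos principal (assumption: no auth_to_local rewriting)."""
    return principal.split("@", 1)[0].split("/", 1)[0]


def cve_2024_45106_preconditions(xml_text):
    """Evaluate the two conditions from the advisory against one config file."""
    props = load_properties(xml_text)
    # Condition 1: endpoint enabled (the advisory states the default is false).
    endpoint_on = props.get("ozone.s3g.secret.http.enabled", "false").lower() == "true"
    # Condition 2: the S3 Gateway principal is listed as an administrator.
    user = short_name(props.get("ozone.s3g.kerberos.principal", ""))
    admin_keys = []
    for key in ("ozone.administrators", "ozone.s3.administrators"):
        entries = {e.strip() for e in props.get(key, "").split(",") if e.strip()}
        # Assumption: "*" in an administrator list matches every user.
        if user and (user in entries or "*" in entries):
            admin_keys.append(key)
    return {"endpoint_enabled": endpoint_on, "s3g_user": user,
            "admin_via": admin_keys, "exposed": endpoint_on and bool(admin_keys)}


if __name__ == "__main__":
    print(cve_2024_45106_preconditions(SAMPLE_SITE_XML))
```

The check looks at configuration only; the version still has to be compared against the affected 1.4.0 and the fixed 1.4.1 named above.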

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45106

Sources (Detail)

http://www.openwall.com/lists/oss-security/2024/12/02/1
https://lists.apache.org/thread/rylnxwttp004kvotpk9j158vb238pfkm

Alert History

Date : Information
2024-12-03 21:20:33 : Multiple Updates
2024-12-03 13:20:29 : First insertion