Data Exposure Vulnerability in Apache Ignite H2 Database
CVE-2020-1963

9.1CRITICAL

Key Information:

Vendor

Apache
Status
Apache Ignite
Vendor
CVE Published:
3 June 2020

What is CVE-2020-1963?

Apache Ignite leverages the H2 database to create a distributed SQL execution engine. A flaw in the H2 library allows attackers to leverage SQL functions that could expose sensitive data by granting unauthorized access to the underlying file system. This vulnerability poses a significant risk to the integrity of data within applications utilizing Apache Ignite, offering a potential pathway for data breaches.

Affected Version(s)

Apache Ignite All versions of Apache Ignite up to 2.8

References

http://www.openwall.com/lists/oss-security/2020/06/03/2
mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rdf37011b92a31a67c29...
mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rdf37011b92a31a67c29...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.