Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server
CVE-2024-27349

9.1CRITICAL

Key Information:

Vendor: Apache
Status: Apache Hugegraph-server
Vendor: CVE Published:; 22 April 2024

Badges

📰 News Worthy

Summary

An authentication bypass vulnerability has been identified in Apache HugeGraph-Server, which allows malicious actors to spoof authentication methods, resulting in unauthorized access to sensitive data and functionalities. This vulnerability affects all versions from 1.0.0 up to, but not including, 1.3.0. Users are strongly encouraged to update their installations to version 1.3.0 or later to mitigate this security risk.

Affected Version(s)

Apache HugeGraph-Server 1.0.0 < 1.3.0

News Articles

GBHackers on Security

CVE-2024-27348 CVE-2024-27349

Critical Apache HugeGraph Flaw Let Attackers Execute Remote Code

Security researchers have identified a critical vulnerability in Apache HugeGraph, an open-source graph database tool.

References

https://lists.apache.org/thread/dz9n9lndqfsf64t72o73r7stt...

vendor-advisory

http://www.openwall.com/lists/oss-security/2024/04/22/4

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by GBHackers on Security
Apr 23, 2024
Vulnerability published
Apr 22, 2024
Vulnerability Reserved
Feb 24, 2024

Credit

6right of moresec

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

Critical Apache HugeGraph Flaw Let Attackers Execute Remote Code

References

CVSS V3.1

Timeline

Credit