Authentication Bypass Vulnerability in Apache HugeGraph-Server

CVE-2024-43441

Currently unrated 🤨

Key Information

Vendor: Apache
Status: Apache Hugegraph-server
Vendor: CVE Published:; 24 December 2024

Summary

An authentication bypass vulnerability has been identified in Apache HugeGraph-Server, affecting versions from 1.0.0 up to but not including 1.5.0. This security issue arises from an improper handling of assumed-immutable data, which may allow an attacker to gain unauthorized access. It is critical for users operating vulnerable versions of the HugeGraph-Server to upgrade to version 1.5.0, where this vulnerability has been addressed. Failure to update may expose systems to potential exploitation.

Affected Version(s)

Apache HugeGraph-Server < 1.5.0

References

https://lists.apache.org/thread/h2607yv32wgcrywov960jpxhv...

vendor-advisory

Timeline

Vulnerability published
Dec 24, 2024
Vulnerability Reserved
Aug 13, 2024

Collectors

NVD DatabaseMitre Database

Credit

L0ne1y