The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints.

Published at: 2019-07-25
Modified: 2019-07-25
Year: 2019

https://lists.apache.org/thread.html/220f1a77ff20749326a4c130446c5521db854da0afe81d1974b8109f@%3Cuser.storm.apache.org%3E

MLIST:[storm-user] 20190724 [CVE-2019-0202] Apache Storm Logviewer file system access vulnerability

Vulnerability RAW

{
	"Title": {
		"_text": "CVE-2019-0202"
	},
	"Notes": {
		"Note": [
			{
				"_text": "The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints."
			},
			{
				"_text": "2019-07-25"
			},
			{
				"_text": "2019-07-25"
			}
		]
	},
	"CVE": {
		"_text": "CVE-2019-0202"
	},
	"References": {
		"Reference": {
			"URL": {
				"_text": "https://lists.apache.org/thread.html/220f1a77ff20749326a4c130446c5521db854da0afe81d1974b8109f@%3Cuser.storm.apache.org%3E"
			},
			"Description": {
				"_text": "MLIST:[storm-user] 20190724 [CVE-2019-0202] Apache Storm Logviewer file system access vulnerability"
			}
		}
	}
}