Apache Vulnerabilities

This vulnerability allows an attacker to access files outside of the intended directory on an Apache Livy server, potentially exposing sensitive data. It can only be exploited if the server is configured with a non-default setting for local directory access, so users should upgrade to version 0.9.0 to protect against this risk.

This vulnerability allows an attacker to access files they shouldn't be able to reach by sending specially crafted requests to Apache Livy's REST or JDBC interface. To exploit this, the attacker must already have access to these interfaces and be able to include specific Spark configuration values in their requests.

An attacker could gain unauthorized access to different AWS instances by reusing SAML authentication responses from other instances, potentially bypassing access controls. This vulnerability occurs because the system does not verify the origin of the SAML response against the actual instance URL, so it's crucial to upgrade to version 9.22.0 of the provider if you're using AWS Auth Manager.

This vulnerability allows an attacker with access to the database to run unauthorized code, effectively giving them the same permissions as the original creator of workflows in Airflow. While direct access to the database is uncommon and not recommended, upgrading to version 6.0.0 of the provider is essential to eliminate this risk.

This vulnerability allows an attacker to send malicious input to Apache IoTDB, potentially leading to unauthorized access or manipulation of data. It affects versions 1.0.0 to 1.3.6 and 2.0.0 to 2.0.6, so users should upgrade to the latest versions to protect against this risk.

This vulnerability allows an attacker to gain unauthorized access to sensitive data within Apache IoTDB, potentially leading to data theft or manipulation. It affects versions 1.0.0 to 1.3.6 and 2.0.0 to 2.0.6, so users should upgrade to the latest versions to protect themselves.

This vulnerability allows an attacker to access sensitive information from client configuration files that are improperly logged in Apache ZooKeeper, potentially exposing critical data in production environments. It affects versions 3.8.5 and 3.9.4, so users should upgrade to the latest versions to protect against this issue.

This vulnerability allows attackers to impersonate ZooKeeper servers or clients by controlling or spoofing reverse DNS records, potentially tricking systems into trusting them. However, the attacker must also present a valid certificate that is recognized by the system, making it more challenging to exploit.

This vulnerability allows an attacker to send specially crafted messages to an Apache ActiveMQ broker, potentially causing it to misinterpret the data and behave unexpectedly. It can occur after a user has successfully logged in, but only affects brokers that are using MQTT transport connectors.

This vulnerability allows an attacker to impersonate a trusted server by bypassing hostname verification in Apache Ranger, which could lead to unauthorized access to sensitive data. It affects versions 2.7.0 and earlier, so users should upgrade to version 2.8.0 to protect against this risk.

This vulnerability allows an attacker to execute malicious code remotely on systems running Apache Ranger versions 2.7.0 or earlier. To exploit this, the attacker needs access to the Ranger service, which could happen if the service is exposed to the internet or accessible on an internal network.

This vulnerability allows an authenticated user with access to SQLLab in Apache Superset to bypass restrictions and execute unauthorized data manipulation commands on a PostgreSQL database, even though the system is supposed to prevent such actions. To exploit this, the attacker must have valid credentials and access to the SQLLab feature before the software is updated to version 6.0.0, which fixes the issue.

This vulnerability allows authenticated users with low privileges to access sensitive information, such as password hashes and email addresses, through a specific API endpoint in Apache Superset. To exploit this, the tagging feature must be enabled, which is not the default setting, but users should upgrade to version 6.0.0 to fully protect against this risk.

This vulnerability allows a low-privileged user to access unauthorized data by manipulating existing datasets in Apache Superset. An attacker needs to have permission to create datasets and read charts, which lets them overwrite SQL queries and bypass data access controls.

This vulnerability allows an authenticated user with read access to manipulate SQL queries, potentially exposing sensitive data or causing errors in the database. It affects versions of Apache Superset prior to 6.0.0, so users should upgrade to this version to fix the issue.

This vulnerability allows an attacker to execute potentially harmful SQL functions in Apache Superset when using the ClickHouse database, due to an incomplete list of restricted functions. To exploit this, the attacker needs access to SQL Lab or charts in a version of Superset prior to 4.1.2.

Authenticated users with access to audit logs can view sensitive connection details that should remain hidden, as these values are stored unencrypted in the Airflow database. To mitigate this risk, users should upgrade to version 2.11.1 or later and manually remove any sensitive entries from the log.

This vulnerability allows a user with high-level permissions in Apache Airflow to execute arbitrary code on the web server by manipulating the database, particularly when viewing historical task logs. To mitigate this risk, users should upgrade to Airflow 3 or disable the log template history feature, which is turned off by default in version 2.11.1.

This vulnerability allows an attacker to execute arbitrary code on a server running Apache Camel if they can write to the LevelDB database files used by the application. This means that if an attacker has access to modify these files, they can inject malicious code that runs when the application processes the data, potentially compromising the entire system.

This vulnerability allows an attacker to use a valid token from one Keycloak realm to gain unauthorized access to resources in a different realm, effectively bypassing security measures meant to keep these realms separate. It affects specific versions of Apache Camel and requires that the application is using the Keycloak component without proper issuer validation.