Posted to user@storm.apache.org by "P. Taylor Goetz" <pt...@apache.org> on 2018/06/05 14:35:54 UTC
[CVE-2018-1332] Apache Storm user impersonation vulnerability
CVE-2018-1332: Apache Storm user impersonation vulnerability
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Storm 1.2.1
Apache Storm 1.1.2
Description:
Apache Storm versions 1.0.6 and earlier, 1.1.2 and earlier, and 1.2.1 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm daemons.
Mitigation:
1.2.1 users should upgrade to version 1.2.2.
1.1.2 users should upgrade to version 1.1.3.
1.0.6 users should upgrade to version 1.1.3.
Apache Storm 1.2.2 artifacts are available for immediate download here:
http://www.us.apache.org/dist/storm/apache-storm-1.2.2/
Apache Storm 1.1.3 artifacts are available for immediate download here:
http://www.us.apache.org/dist/storm/apache-storm-1.1.3/
Credit:
This issue was discovered by Bobby Evans of the Apache Storm PMC.
References:
http://storm.apache.org/2018/06/04/storm122-released.html
http://storm.apache.org/2018/06/04/storm113-released.html
P. Taylor Goetz