CVE-2017-9799
Published: Aug 9, 2017
Modified: Sep 17, 2024
PUBLISHED
Description
It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Storm | affected 1.0.0 through 1.0.3; affected 1.1.0 |
References
- [dev] 20170809 [CVE-2017-9799] Apache Storm Possible Code Execution As A Different User (mailing-list, x_refsource_MLIST)
- 100235 (vdb-entry, x_refsource_BID)
- 1039116 (vdb-entry, x_refsource_SECTRACK)