CVE-2024-27905

{"id": "CVE-2024-27905", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "security@apache.org"}], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2024-02-27T15:15:07.930", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/02/27/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/564kbv3wqdzkscmdn2bg4vlk48qymryp", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/27/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread/564kbv3wqdzkscmdn2bg4vlk48qymryp", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora.\n\nAn endpoint exposing internals to unauthenticated users can be used as a \"padding oracle\" allowing an anonymous attacker to construct a valid authentication cookie. Potentially this could be combined with vulnerabilities in other components to achieve remote code execution.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Apache Aurora. Un endpoint que expone elementos internos a usuarios no autenticados se puede utilizar como un \"or\u00e1culo de relleno\" que permite a un atacante an\u00f3nimo construir una cookie de autenticaci\u00f3n v\u00e1lida. Potencialmente, esto podr\u00eda combinarse con vulnerabilidades en otros componentes para lograr la ejecuci\u00f3n remota de c\u00f3digo. Como este proyecto est\u00e1 retirado, no planeamos lanzar una versi\u00f3n que solucione este problema. Se recomienda a los usuarios que busquen una alternativa o restrinjan el acceso a la instancia a usuarios confiables. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante. "}], "lastModified": "2025-07-10T12:23:26.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:aurora:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4547FB4A-33AB-4D30-ABA2-C17111F3C19F", "versionStartIncluding": "0.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}