CVE-2024-36265

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2024/06/12/3	Mailing List
https://lists.apache.org/thread/prckhhst19qxof064hsm8cccxtofvflz	Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/06/12/3	Mailing List
https://lists.apache.org/thread/prckhhst19qxof064hsm8cccxtofvflz	Mailing List Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:submarine:*:*:*:*:*:*:*:*

History

13 Feb 2025, 18:18

Type	Values Removed	Values Added
Summary	(en) UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	(en) UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Information

Published : 2024-06-12 15:15

Updated : 2025-03-19 21:15

NVD link : CVE-2024-36265

Mitre link : CVE-2024-36265

CVE.ORG link : CVE-2024-36265

JSON object : View

Products Affected

apache

submarine

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2024-36265", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "security@apache.org"}], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-06-12T15:15:52.247", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/06/12/3", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/prckhhst19qxof064hsm8cccxtofvflz", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/12/3", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread/prckhhst19qxof064hsm8cccxtofvflz", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core.\n\nThis issue affects Apache Submarine Server Core: from 0.8.0.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Vulnerabilidad de autorizaci\u00f3n incorrecta en Apache Submarine Server Core. Este problema afecta a Apache Submarine Server Core: desde 0.8.0. Como este proyecto est\u00e1 retirado, no planeamos lanzar una versi\u00f3n que solucione este problema. Se recomienda a los usuarios que busquen una alternativa o restrinjan el acceso a la instancia a usuarios confiables. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."}], "lastModified": "2025-03-19T21:15:36.027", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:submarine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5154192-85CB-40A8-8F77-800808F72505", "versionStartIncluding": "0.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}