The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2019-07-25T23:17:23
Updated: 2019-07-25T23:17:23
Reserved: 2018-11-14T00:00:00
Link: CVE-2019-0202
JSON object: View
NVD Information
Status : Modified
Published: 2019-07-26T00:15:11.027
Modified: 2023-11-07T03:01:48.910
Link: CVE-2019-0202
JSON object: View
Redhat Information
No data.