CVE-2018-1331

Summary

In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Storm0.10.0 through 0.10.2affected
Apache Software FoundationApache Storm1.0.0 through 1.0.6affected
Apache Software FoundationApache Storm1.1.0 through 1.1.2affected
Apache Software FoundationApache Storm1.2.0 through 1.2.1affected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

References