CVE-2019-0202
N/A
N/A
Summary
The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache | Storm | 0.9.1-incubating to 1.2.2 | affected |
Weaknesses
- CWE-200: CWE-200: Information Exposure
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.