Authentication Bypass by Spoofing

CVE-2024-27349

High

9.1/10

Summary

Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server versions 1.0.0 through 1.2.0. Users are recommended to upgrade to version, which fixes the issue. NOTE: This shares same fix commit with CVE-2024-27348.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-290 - Authentication Bypass by Spoofing

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

References

Advisory
Mail Thread
Issue
Pull request
Release Note

Advisory Timeline

Published Apr 22, 2024

Authentication Bypass by Spoofing

CVE-2024-27349

Summary

CWE-290 - Authentication Bypass by Spoofing

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS