Vulnerability Details: CVE-2020-1958
When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based authorization checks, if configured. Callers of Druid APIs can also retrieve any LDAP attribute values of users that exist on the LDAP server, so long as that information is visible to the Druid server. This information disclosure does not require the caller itself to be a valid LDAP user.
Vulnerability category: Information leak
Products affected by CVE-2020-1958
- cpe:2.3:a:apache:druid:0.17.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-1958
EPSS score: 0.34% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~71% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2020-1958
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N | 6.8 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2020-1958
- The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-1958
- https://lists.apache.org/thread.html/r9d437371793b410f8a8e18f556d52d4bb68e18c537962f6a97f4945e%40%3Cdev.druid.apache.org%3E
  [CVE-2020-1958]: Apache Druid LDAP injection vulnerability - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/rf70876ecafb45b314eff9d040c5281c4adb0cb7771eb029448cfb79b@%3Cannounce.apache.org%3E
  [CVE-2020-1958]: Apache Druid LDAP injection vulnerability - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r1526dbce98a138629a41daa06c13393146ddcaf8f9d273cc49d57681@%3Ccommits.druid.apache.org%3E
  [GitHub] [druid] lgtm-com[bot] commented on issue #9600: Fix for [CVE-2020-1958] Apache Druid LDAP injection vulnerability - Pony Mail (Mailing List; Patch; Vendor Advisory)
- https://lists.apache.org/thread.html/r026540c617d334007810cd8f0068f617b5c78444be00a31fc1b03390@%3Ccommits.druid.apache.org%3E
  [GitHub] [druid] jon-wei opened a new pull request #9612: [Backport] Fix for [CVE-2020-1958]: Apache Druid LDAP injection vulnerability (#9600) - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r75e74d39c41c1b95a658b6a9f75fc6fd02b1d1922566a0ee4ee2fdfc@%3Ccommits.druid.apache.org%3E
  [GitHub] [druid] clintropolis merged pull request #9612: [Backport] Fix for [CVE-2020-1958]: Apache Druid LDAP injection vulnerability (#9600) - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r47c90a378efdb3fd07ff7f74095b8eb63b3ca93b8ada5c2661c5e371@%3Ccommits.druid.apache.org%3E
  [druid] branch 0.18.0 updated: Fix for [CVE-2020-1958]: Apache Druid LDAP injection vulnerability (#9600) (#9612) - Pony Mail (Mailing List; Patch; Vendor Advisory)
- https://lists.apache.org/thread.html/rffabc9e83cc2831bbee5db32b3965b84b09346a26ebc1012db63d28c@%3Ccommits.druid.apache.org%3E
  [druid] branch master updated: Fix for [CVE-2020-1958]: Apache Druid LDAP injection vulnerability (#9600) - Pony Mail (Mailing List; Patch; Vendor Advisory)
- https://lists.apache.org/thread.html/r1c32c95543d44559b8d7fd89b0a85f728c80e8b715685bbf788a15a4@%3Ccommits.druid.apache.org%3E
  [GitHub] [druid] jihoonson merged pull request #9600: Fix for [CVE-2020-1958] Apache Druid LDAP injection vulnerability - Pony Mail (Mailing List; Patch; Vendor Advisory)