Vulnerability Details: CVE-2021-25646
Public exploit exists!
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.
Vulnerability category: Execute code
Products affected by CVE-2021-25646
- cpe:2.3:a:apache:druid:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-25646
- EPSS score: 97.33% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2021-25646
- Apache Druid 0.20.0 Remote Command Execution
  - Disclosure Date: 2021-01-21
  - First seen: 2021-04-26
  - Module: exploit/linux/http/apache_druid_js_rce
  - Description: Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests; however, that feature is disabled by default. In Druid versions prior to `0.20.1`, an authenticated user can send a specially-crafted request th
CVSS scores for CVE-2021-25646
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST |
References for CVE-2021-25646
- https://lists.apache.org/thread.html/r64431c2b97209f566b5dff92415e7afba0ed3bfab4695ebaa8a62e5d@%3Cdev.druid.apache.org%3E
  Re: [druid-user] Re: CVE-2021-25646: Authenticated users can override system configurations in their requests which allows them to execute arbitrary code. (Pony Mail) [Mailing List; Vendor Advisory]
- http://packetstormsecurity.com/files/162345/Apache-Druid-0.20.0-Remote-Command-Execution.html
  Apache Druid 0.20.0 Remote Command Execution (Packet Storm) [Exploit; Third Party Advisory; VDB Entry]
- https://lists.apache.org/thread.html/rfeb775822cd3baef1595b60f6860f5ca849eb1903236483f3297bd5c@%3Ccommits.druid.apache.org%3E
  [druid] branch 0.21.0 updated: Fix CVE-2021-25646 (#10818) (#10854) (Pony Mail) [Mailing List; Patch; Vendor Advisory]
- https://lists.apache.org/thread.html/r121abe8014d381943b63c60615149d40bde9dc1c868bcee90d0d0848@%3Ccommits.druid.apache.org%3E
  [GitHub] [druid] jihoonson opened a new pull request #10854: [Backport] Fix CVE-2021-25646 (Pony Mail) [Mailing List; Vendor Advisory]
- https://lists.apache.org/thread.html/rc167d5e57f3120578718a7a458ce3e73b3830ac4efbb1b085bd06b92@%3Cdev.druid.apache.org%3E
  Re: CVE-2021-25646: Authenticated users can override system configurations in their requests which allows them to execute arbitrary code. (Pony Mail) [Mailing List; Vendor Advisory]
- https://lists.apache.org/thread.html/ra4225912f501016bc5e0ac44e14b8d6779173a3a1dc7baacaabcc9ba@%3Ccommits.druid.apache.org%3E
  [GitHub] [druid] jihoonson commented on pull request #10818: Fix CVE-2021-25646 (Pony Mail) [Mailing List; Vendor Advisory]
- https://lists.apache.org/thread.html/r04fa1ba93599487c95a8497044d37f8c02a439bfcf92b4567bfb7c8f@%3Ccommits.druid.apache.org%3E
  [GitHub] [druid] jihoonson merged pull request #10854: [Backport] Fix CVE-2021-25646 (Pony Mail) [Mailing List; Vendor Advisory]
- https://lists.apache.org/thread.html/r4f84b542417ea46202867c0a8b3eaf3b4cfed30e09174a52122ba210@%3Ccommits.druid.apache.org%3E
  [GitHub] [druid] jihoonson merged pull request #10818: Fix CVE-2021-25646 (Pony Mail) [Mailing List; Vendor Advisory]
- https://lists.apache.org/thread.html/rfda8a3aa6ac06a80c5cbfdeae0fc85f88a5984e32ea05e6dda46f866%40%3Cdev.druid.apache.org%3E
  CVE-2021-25646: Authenticated users can override system configurations in their requests which allows them to execute arbitrary code. (Pony Mail) [Mailing List; Vendor Advisory]
- http://www.openwall.com/lists/oss-security/2021/01/29/6
  oss-security - CVE-2021-25646: Authenticated users can override system configurations in their requests which allows them to execute arbitrary code. [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/r87aa94e28dd21ee2252d30c63f01ab9cb5474ee5bdd98dd8d7d734aa@%3Ccommits.druid.apache.org%3E
  Pony Mail! [Mailing List; Vendor Advisory]
- https://lists.apache.org/thread.html/r20e0c3b10ae2c05a3aad40f1476713c45bdefc32c920b9986b941d8f@%3Cannounce.apache.org%3E
  Subject: [CVE-2021-25646] Apache Druid remote code execution vulnerability (Pony Mail) [Mailing List; Vendor Advisory]
- https://lists.apache.org/thread.html/rea9436a4063927a567d698431ddae55e760c3f876c22ac5b9813685f@%3Ccommits.druid.apache.org%3E
  Pony Mail! [Mailing List; Vendor Advisory]
- https://lists.apache.org/thread.html/r443e2916c612fbd119839c0fc0729327d6031913a75081adac5b43ad@%3Cdev.druid.apache.org%3E
  Pony Mail! [Mailing List; Vendor Advisory]
- https://lists.apache.org/thread.html/r7dff4790e7a5c697fc0360adf11f5aeb31cd6ad80644fffee690673c@%3Ccommits.druid.apache.org%3E
  [GitHub] [druid] jihoonson merged pull request #10818: Fix CVE-2021-25646 (Pony Mail) [Mailing List; Vendor Advisory]
- https://lists.apache.org/thread.html/r5ef625076982aee7d23c23f07717e626b73f421fba5154d1e4de15e1@%3Ccommits.druid.apache.org%3E
  [GitHub] [druid] jihoonson merged pull request #10854: [Backport] Fix CVE-2021-25646 (Pony Mail) [Mailing List; Vendor Advisory]