Detections
Analytics
Apache Druid < 0.22.0 Incorrect Authorization
medium Nessus Plugin ID 181679
Language:
Synopsis
An application installed on the remote host is missing a vendor-supplied update.Description
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Druid version 0.22.0 or later.See Also
Plugin Details
Severity: Medium
ID: 181679
File Name: apache_druid_0_22_0.nasl
Version: 1.1
Type: remote
Family: Misc.
Published: 9/20/2023
Updated: 9/21/2023
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 4
Temporal Score: 3
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS Score Source: CVE-2021-36749
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:apache:druid
Required KB Items: installed_sw/Apache Druid
Exploit Ease: No known exploits are available
Patch Publication Date: 9/24/2021
Vulnerability Publication Date: 9/24/2021
Reference Information
CVE: CVE-2021-36749