Описание
Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information.
Ссылки
- MitigationThird Party Advisory
- Third Party AdvisoryVDB Entry
- MitigationThird Party Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:apache:ignite:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:ignite:1.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:ignite:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:ignite:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:ignite:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:ignite:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:ignite:1.5.0:b1:*:*:*:*:*:*
cpe:2.3:a:apache:ignite:1.5.0:final:*:*:*:*:*:*
cpe:2.3:a:apache:ignite:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:ignite:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:ignite:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:ignite:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:ignite:2.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.0117
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 7.5
github
больше 7 лет назад
Apache Ignite communicates to an external PHP server where sensitive information is sent
EPSS
Процентиль: 78%
0.0117
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200