** UNSUPPORTED WHEN ASSIGNED ** The Apache Helix Front (UI) component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front (UI): all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
History

Wed, 21 Aug 2024 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}


Wed, 21 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
References

Tue, 20 Aug 2024 22:30:00 +0000

Type Values Removed Values Added
Description ** UNSUPPORTED WHEN ASSIGNED ** The Apache Helix Front (UI) component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front (UI): all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Title Apache Helix Front (UI): Helix front hard-coded secret in the express-session
Weaknesses CWE-668
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-08-20T22:11:38.598Z

Updated: 2024-08-21T13:22:02.143Z

Reserved: 2024-01-08T19:23:46.550Z

Link: CVE-2024-22281

cve-icon Vulnrichment

Updated: 2024-08-20T23:03:27.859Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-20T23:15:03.347

Modified: 2024-11-21T08:55:57.433

Link: CVE-2024-22281

cve-icon Redhat

No data.