CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2024-27349: Apache HugeGraph-Server: Bypass whitelist in Auth mode
Description
Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0.
Users are recommended to upgrade to version 1.3.0, which fixes the issue.
Classification
CVE ID: CVE-2024-27349
Affected Products
Vendor: Apache Software Foundation
Product: Apache HugeGraph-Server
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.98% (scored less or equal to compared to others)
EPSS Date: 2025-03-14 (when was this score calculated)
References
https://lists.apache.org/thread/dz9n9lndqfsf64t72o73r7sttrc6ocsdhttp://www.openwall.com/lists/oss-security/2024/04/22/4