
Apache Druid - Remote Code Execution CVE-2021-25646

Severity: CVSSv3 score 8.8
Vulnerability description

Apache Druid is susceptible to remote code execution because, by default, it lacks both authentication and authorization. An attacker can send specially crafted requests that execute arbitrary code with the privileges of the Druid server process.

Risk description

The risk is that a remote, unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot into the internal network.

Recommendation

Apply the latest security patches or upgrade to a patched version of Apache Druid.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Jan 29, 2021
Detection added at
Software Type: Not available
Vendor: Not available
Product: Not available