Druid
CVE-2020-1958
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based authorization checks, if configured. Callers of Druid APIs can also retrieve any LDAP attribute values of users that exist on the LDAP server, so long as that information is visible to the Druid server. This information disclosure does not require the caller itself to be a valid LDAP user.
AnalysisAI
When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-74. When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based authorization checks, if configured. Callers of Druid APIs can also retrieve any LDAP attribute values of users that exist on the LDAP server, so long as that information is visible to the Druid server. This information disclosure does not require the caller itself to be a valid LDAP user. Affected products include: Apache Druid.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. Rated
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. Rated medium severit
Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page
Authentication bypass in Apache Druid versions 0.17.0 through 35.x. Affects all versions prior to 36.0.0 when specific p
Apache Druid’s Kerberos authenticator uses a weak fallback secret when the `druid.auth.authenticator.kerberos.cookieSign
Apache Druid allows users to read data from other database systems using JDBC. Rated high severity (CVSS 8.8), this vuln
In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal. Rated high sever
Apache Druid allows users with certain permissions to read data from other database systems using JDBC. Rated medium sev
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. Rated medium severit
Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. Rated medium severity (CVSS 5.3), this vulnerabilit
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Rated medium sev
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today