From: Arnout Engelen
To: oss-security@lists.openwall.com
Message-ID: <1d4388b8-bff8-d0ae-f234-f3f96c4579ba@apache.org>
Date: Wed, 12 Jun 2024 14:03:16 +0000
Subject: [oss-security] CVE-2024-36264: Apache Submarine Commons Utils: default secret

Severity: low

Affected versions:

- Apache Submarine Commons Utils 0.8.0 or later

Description:

** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils.

This issue affects Apache Submarine Commons Utils: from 0.8.0.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

This issue is being tracked as SUBMARINE-1417

Credit:

Jonathan Leitschuh (finder)
L0ne1y (finder)

References:

https://github.com/apache/submarine/pull/1125
https://attic.apache.org/projects/submarine.html
https://www.cve.org/CVERecord?id=CVE-2024-36264
https://issues.apache.org/jira/browse/SUBMARINE-1417