From: Arnout Engelen
To: oss-security@lists.openwall.com
Date: Wed, 12 Jun 2024 14:03:41 +0000
Message-ID: <9908bd3c-5a9f-e3b3-390c-2bb7125804e9@apache.org>
Subject: [oss-security] CVE-2024-36265: Apache Submarine Server Core: authorization bypass

Severity: important

Affected versions:

- Apache Submarine Server Core 0.8.0 or later

Description:

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core.

This issue affects Apache Submarine Server Core: from 0.8.0.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Credit:

L0ne1y (finder)

References:

https://attic.apache.org/projects/submarine.html
https://www.cve.org/CVERecord?id=CVE-2024-36265