Severity: critical
Affected versions:
- Apache HugeGraph-Server 1.0.0 before 1.3.0
Description:
Authentication Bypass by Spoofing vulnerability in Apache
HugeGraph-Server.This issue affects Apache HugeGraph-Server: from
1.0.0 before 1.3.0.
Users are recommended to upgrade to version 1.3.0, which fixes the issue.
(Also you could enable the "Whitelist-IP/port" function to improve the
security of RESTful-API execution)
Credit:
6right of moresec (reporter)
References:
https://hugegraph.apache.org/docs/download/download/
https://hugegraph.apache.org/docs/guides/security/
https://www.cve.org/CVERecord?id=CVE-2024-27349