Critical Apache HugeGraph Flaw – Attackers Execute Remote Code


Security researchers have identified a critical vulnerability in Apache HugeGraph, an open-source graph database tool.

This flaw, if exploited, could allow attackers to execute arbitrary code remotely, posing a significant threat to systems using this software.

The vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) identifier, highlighting its severity and the need for immediate attention by users of Apache HugeGraph.

The specific details of the CVEs are given below.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

CVE-2024-27348: Apache HugeGraph-Server: Command execution in gremlin

This vulnerability, classified as a Remote Command Execution (RCE), poses a serious risk as it allows unauthorized remote execution of commands.

The issue is prevalent in environments running Java 8 and Java 11, making various installations vulnerable to potential attacks.

Recommended Actions:

  • Upgrade to Version 1.3.0: Users are urged to upgrade their Apache HugeGraph-Server installations to version 1.3.0.
  • This version addresses the RCE vulnerability and is optimized for Java 11, which offers improved performance and security features.
  • Enable Authentication System: Strengthening security configurations by enabling the authentication system is crucial.
  • This system helps verify and authenticate user access, providing an additional layer of security.
  • Implement Whitelist-IP/Port Function: To enhance the security of RESTful-API execution further, enabling the Whitelist-IP/port function is recommended.
  • This function restricts API access to only those IP addresses and ports that are explicitly allowed, significantly reducing the risk of malicious access.

CVE-2024-27349: Apache HugeGraph-Server: Bypass whitelist in Auth mode

This critical flaw affects all versions from the initial release 1.0.0 up to, but not including, the more secure 1.3.0 version.

The vulnerability allows attackers to bypass authentication mechanisms by spoofing legitimate user credentials, potentially leading to unauthorized access and control over the HugeGraph-Server.

Urgent Security Measures:

  • Immediate Upgrade Required: Users must promptly upgrade to Apache HugeGraph-Server version 1.3.0.
  • This version contains necessary fixes that address the authentication bypass vulnerability, closing the door on this particular method of system compromise.
  • Activate Whitelist-IP/Port: Enabling the Whitelist-IP/port function is strongly advised as an additional security precaution.
  • This security feature limits RESTful-API execution to trusted IP addresses and ports, providing a robust defense against unauthorized access.

CVE-2024-27347: Apache HugeGraph-Hubble: SSRF in Hubble connection page

This moderate severity issue allows attackers to send crafted requests from the server, potentially leading to unauthorized actions and information disclosure from internal systems that are otherwise inaccessible from the external network.

Recommended Remedial Actions:

  • Upgrade to Version 1.3.0: Users of Apache HugeGraph-Hubble must upgrade their systems to version 1.3.0 as soon as possible.
  • This updated version includes patches that effectively resolve the SSRF vulnerability, enhancing the server’s security against such exploitation techniques.

The discovery of this critical vulnerability in Apache HugeGraph underscores the importance of maintaining up-to-date software and implementing robust security measures. 

Organizations using HugeGraph should act swiftly to apply the provided updates and secure their systems against potential threats. 

Free Webinar: Mastering Web Application and API Protection/WAF ROI Analysis -  Book Your Spot



Source link