CVE-2019-0202

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
26/07/2019
Last modified:
17/06/2026

Description

The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:* 0.9.3 (including) 1.2.2 (including)
cpe:2.3:a:apache:storm:0.9.1:incubating:*:*:*:*:*:*
cpe:2.3:a:apache:storm:0.9.2:incubating:*:*:*:*:*:*