In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to GridClientJdkMarshaller deserialization endpoint.
In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to one of the deserialization endpoints of some Ignite components - discovery SPI, Ignite persistence, Memcached endpoint, socket steamer.
Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem.
Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information.
Java-based middleware for in-memory processing of big data in a distributed environment.
Library home page: http://www.apache.org/
Path to dependency file: /nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml
Path to vulnerable library: /nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2018-8018
### Vulnerable Library - ignite-core-1.6.0.jarJava-based middleware for in-memory processing of big data in a distributed environment.
Library home page: http://www.apache.org/
Path to dependency file: /nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml
Path to vulnerable library: /nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml
Dependency Hierarchy: - :x: **ignite-core-1.6.0.jar** (Vulnerable Library)
Found in base branch: main
### Vulnerability DetailsIn Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to GridClientJdkMarshaller deserialization endpoint.
Publish Date: 2018-07-19
URL: CVE-2018-8018
### CVSS 3 Score Details (9.8)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8018
Release Date: 2018-07-19
Fix Resolution: 2.6.0
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2018-1295
### Vulnerable Library - ignite-core-1.6.0.jarJava-based middleware for in-memory processing of big data in a distributed environment.
Library home page: http://www.apache.org/
Path to dependency file: /nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml
Path to vulnerable library: /nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml
Dependency Hierarchy: - :x: **ignite-core-1.6.0.jar** (Vulnerable Library)
Found in base branch: main
### Vulnerability DetailsIn Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to one of the deserialization endpoints of some Ignite components - discovery SPI, Ignite persistence, Memcached endpoint, socket steamer.
Publish Date: 2018-04-02
URL: CVE-2018-1295
### CVSS 3 Score Details (9.8)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1295
Release Date: 2018-04-01
Fix Resolution: 2.4.0
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2020-1963
### Vulnerable Library - ignite-core-1.6.0.jarJava-based middleware for in-memory processing of big data in a distributed environment.
Library home page: http://www.apache.org/
Path to dependency file: /nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml
Path to vulnerable library: /nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml
Dependency Hierarchy: - :x: **ignite-core-1.6.0.jar** (Vulnerable Library)
Found in base branch: main
### Vulnerability DetailsApache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem.
Publish Date: 2020-06-03
URL: CVE-2020-1963
### CVSS 3 Score Details (9.1)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/advisories/GHSA-5wm5-8q42-rhxg
Release Date: 2020-06-03
Fix Resolution: 2.8.1
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2017-7686
### Vulnerable Library - ignite-core-1.6.0.jarJava-based middleware for in-memory processing of big data in a distributed environment.
Library home page: http://www.apache.org/
Path to dependency file: /nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml
Path to vulnerable library: /nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml
Dependency Hierarchy: - :x: **ignite-core-1.6.0.jar** (Vulnerable Library)
Found in base branch: main
### Vulnerability DetailsApache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information.
Publish Date: 2017-06-28
URL: CVE-2017-7686
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2017-7686-Apache-Ignite-Information-Disclosure-td19168.html
Release Date: 2017-06-28
Fix Resolution: 2.1.0
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2016-6805
### Vulnerable Library - ignite-core-1.6.0.jarJava-based middleware for in-memory processing of big data in a distributed environment.
Library home page: http://www.apache.org/
Path to dependency file: /nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml
Path to vulnerable library: /nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml
Dependency Hierarchy: - :x: **ignite-core-1.6.0.jar** (Vulnerable Library)
Found in base branch: main
### Vulnerability DetailsApache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.
Publish Date: 2017-04-07
URL: CVE-2016-6805
### CVSS 3 Score Details (5.9)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6805
Release Date: 2017-04-07
Fix Resolution: 1.9.0
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.:rescue_worker_helmet:Automatic Remediation will be attempted for this issue.