CVE-2024-36264 — Apache Submarine Commons Utils has a hard-coded secret

Description

** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

How to fix CVE-2024-36264

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

—no fix listed
—no fix listed
—no fix listed

Is CVE-2024-36264 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, <= 0.8.0
>= 0.8.0
>= 0.8.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References (9)

ADVISORYgithub.com/advisories/GHSA-jwcg-wv5x-vg3g
ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-36264
PATCHgithub.com/apache/submarine
WEBgithub.com/apache/submarine/commit/7a1d551798c6785fc68fe028fc46f74c3ee6976d
WEB