Sunday, May 19, 2024

Critical Apache HugeGraph Flaw Let Attackers Execute Remote Code

Security researchers have identified a critical vulnerability in Apache HugeGraph, an open-source graph database tool.

This flaw, if exploited, could allow attackers to execute arbitrary code remotely, posing a significant threat to systems using this software.

The vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) identifier, highlighting its severity and the need for immediate attention by users of Apache HugeGraph.

The specific details of the CVEs are given below.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

CVE-2024-27348: Apache HugeGraph-Server: Command execution in gremlin

This vulnerability, classified as a Remote Command Execution (RCE), poses a serious risk as it allows unauthorized remote execution of commands.

The issue is prevalent in environments running Java 8 and Java 11, making various installations vulnerable to potential attacks.

Recommended Actions:

  • Upgrade to Version 1.3.0: Users are urged to upgrade their Apache HugeGraph-Server installations to version 1.3.0.
  • This version addresses the RCE vulnerability and is optimized for Java 11, which offers improved performance and security features.
  • Enable Authentication System: Strengthening security configurations by enabling the authentication system is crucial.
  • This system helps verify and authenticate user access, providing an additional layer of security.
  • Implement Whitelist-IP/Port Function: To enhance the security of RESTful-API execution further, enabling the Whitelist-IP/port function is recommended.
  • This function restricts API access to only those IP addresses and ports that are explicitly allowed, significantly reducing the risk of malicious access.

CVE-2024-27349: Apache HugeGraph-Server: Bypass whitelist in Auth mode

This critical flaw affects all versions from the initial release 1.0.0 up to, but not including, the more secure 1.3.0 version.

The vulnerability allows attackers to bypass authentication mechanisms by spoofing legitimate user credentials, potentially leading to unauthorized access and control over the HugeGraph-Server.

Urgent Security Measures:

  • Immediate Upgrade Required: Users must promptly upgrade to Apache HugeGraph-Server version 1.3.0.
  • This version contains necessary fixes that address the authentication bypass vulnerability, closing the door on this particular method of system compromise.
  • Activate Whitelist-IP/Port: Enabling the Whitelist-IP/port function is strongly advised as an additional security precaution.
  • This security feature limits RESTful-API execution to trusted IP addresses and ports, providing a robust defense against unauthorized access.

CVE-2024-27347: Apache HugeGraph-Hubble: SSRF in Hubble connection page

This moderate severity issue allows attackers to send crafted requests from the server, potentially leading to unauthorized actions and information disclosure from internal systems that are otherwise inaccessible from the external network.

Recommended Remedial Actions:

  • Upgrade to Version 1.3.0: Users of Apache HugeGraph-Hubble must upgrade their systems to version 1.3.0 as soon as possible.
  • This updated version includes patches that effectively resolve the SSRF vulnerability, enhancing the server’s security against such exploitation techniques.

The discovery of this critical vulnerability in Apache HugeGraph underscores the importance of maintaining up-to-date software and implementing robust security measures. 

Organizations using HugeGraph should act swiftly to apply the provided updates and secure their systems against potential threats. 

Free Webinar: Mastering Web Application and API Protection/WAF ROI Analysis -  Book Your Spot


Latest articles

Hackers Exploiting Docusign With Phishing Attack To Steal Credentials

Hackers prefer phishing as it exploits human vulnerabilities rather than technical flaws which make...

Norway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks

A very important message from the Norwegian National Cyber Security Centre (NCSC) says that...

New Linux Backdoor Attacking Linux Users Via Installation Packages

Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices,...

ViperSoftX Malware Uses Deep Learning Model To Execute Commands

ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine,...

Santander Data Breach: Hackers Accessed Company Database

Santander has confirmed that there was a major data breach that affected its workers...

U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers

The U.S. government has offered a prize of up to $5 million for information...

Russian APT Hackers Attacking Critical Infrastructure

Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated...
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles