Critical Apache HugeGraph Flaw Let Attackers Execute Remote Code

Security researchers have identified a critical vulnerability in Apache HugeGraph, an open-source graph database tool.

This flaw, if exploited, could allow attackers to execute arbitrary code remotely, posing a significant threat to systems using this software.

The vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) identifier, highlighting its severity and the need for immediate attention by users of Apache HugeGraph.

The specific details of the CVEs are given below.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

CVE-2024-27348: Apache HugeGraph-Server: Command execution in gremlin

This vulnerability, classified as a Remote Command Execution (RCE), poses a serious risk as it allows unauthorized remote execution of commands.

The issue is prevalent in environments running Java 8 and Java 11, making various installations vulnerable to potential attacks.

Recommended Actions:

  • Upgrade to Version 1.3.0: Users are urged to upgrade their Apache HugeGraph-Server installations to version 1.3.0.
  • This version addresses the RCE vulnerability and is optimized for Java 11, which offers improved performance and security features.
  • Enable Authentication System: Strengthening security configurations by enabling the authentication system is crucial.
  • This system helps verify and authenticate user access, providing an additional layer of security.
  • Implement Whitelist-IP/Port Function: To enhance the security of RESTful-API execution further, enabling the Whitelist-IP/port function is recommended.
  • This function restricts API access to only those IP addresses and ports that are explicitly allowed, significantly reducing the risk of malicious access.

CVE-2024-27349: Apache HugeGraph-Server: Bypass whitelist in Auth mode

This critical flaw affects all versions from the initial release 1.0.0 up to, but not including, the more secure 1.3.0 version.

The vulnerability allows attackers to bypass authentication mechanisms by spoofing legitimate user credentials, potentially leading to unauthorized access and control over the HugeGraph-Server.

Urgent Security Measures:

  • Immediate Upgrade Required: Users must promptly upgrade to Apache HugeGraph-Server version 1.3.0.
  • This version contains necessary fixes that address the authentication bypass vulnerability, closing the door on this particular method of system compromise.
  • Activate Whitelist-IP/Port: Enabling the Whitelist-IP/port function is strongly advised as an additional security precaution.
  • This security feature limits RESTful-API execution to trusted IP addresses and ports, providing a robust defense against unauthorized access.

CVE-2024-27347: Apache HugeGraph-Hubble: SSRF in Hubble connection page

This moderate severity issue allows attackers to send crafted requests from the server, potentially leading to unauthorized actions and information disclosure from internal systems that are otherwise inaccessible from the external network.

Recommended Remedial Actions:

  • Upgrade to Version 1.3.0: Users of Apache HugeGraph-Hubble must upgrade their systems to version 1.3.0 as soon as possible.
  • This updated version includes patches that effectively resolve the SSRF vulnerability, enhancing the server’s security against such exploitation techniques.

The discovery of this critical vulnerability in Apache HugeGraph underscores the importance of maintaining up-to-date software and implementing robust security measures. 

Organizations using HugeGraph should act swiftly to apply the provided updates and secure their systems against potential threats. 

Free Webinar: Mastering Web Application and API Protection/WAF ROI Analysis -  Book Your Spot

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques

Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware has…

1 hour ago

New Noodlophile Malware Spreads Through Fake AI Video Generation Platforms

Cybercriminals have unleashed a new malware campaign using fake AI video generation platforms as a…

1 hour ago

Kimsuky Hacker Group Deploys New Phishing Techniques and Malware Campaigns

The North Korean state-sponsored Advanced Persistent Threat (APT) group Kimsuky, also known as “Black Banshee,”…

1 hour ago

APT37 Hackers Use Weaponized LNK Files and Dropbox for Command-and-Control Operations

The North Korean state-sponsored hacking group APT37, also known as ScarCruft, launched a spear phishing…

2 hours ago

Open Source Linux Firewall IPFire 2.29 – Core Update 194 Released: What’s New!

IPFire, the powerful open-source firewall, has unveiled its latest release, IPFire 2.29 – Core Update…

5 hours ago

Threat Actors Leverage DDoS Attacks as Smokescreens for Data Theft

Distributed Denial of Service (DDoS) attacks, once seen as crude tools for disruption wielded by…

6 hours ago