CVE-2019-0202: Inclusion of Sensitive Information in Log Files

July 25, 2019 (updated October 9, 2019)

The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions it is possible to read files off the host’s file system that were not intended to be accessible via these endpoints.

References

mvnrepository.com/artifact/org.apache.storm/storm-core
nvd.nist.gov/vuln/detail/CVE-2019-0202

Detect and mitigate CVE-2019-0202 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →