Apache Submarine Commons Utils has a hard-coded secret
Moderate severity
GitHub Reviewed
Published
Jun 12, 2024
to the GitHub Advisory Database
•
Updated Oct 14, 2024
Description
Published by the National Vulnerability Database
Jun 12, 2024
Published to the GitHub Advisory Database
Jun 12, 2024
Reviewed
Jun 12, 2024
Last updated
Oct 14, 2024
Improper Authentication vulnerability in Apache Submarine Commons Utils.
This issue affects Apache Submarine Commons Utils: from 0.8.0.
As this project is retired, we do not plan to release a version that fixes this issue. If the user doesn't explicitly set
submarine.auth.default.secret
, a default value will be used. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References