Search for packages
| purl | pkg:maven/org.apache.mesos/mesos@0.14.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1uq6-h79y-v3gs
Aliases: CVE-2018-8023 GHSA-c8cc-p3j7-4c7f |
Information Exposure Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos, the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack. |
Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-669z-7etj-cugk
Aliases: CVE-2017-9790 GHSA-vpcv-78cp-whr3 |
Use After Free When handling a libprocess message wrapped in an HTTP request, `libprocess` in Apache Mesos crashes if the request path is empty, because the parser assumes the request path always starts with `/`. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-ceau-ygrr-3be2
Aliases: CVE-2018-1000421 GHSA-5q7j-8hpc-4848 |
Server-Side Request Forgery (SSRF) An improper authorization vulnerability exists in the Jenkins Mesos Plugin in `MesosCloud.java` that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-dyhh-befu-a3a3
Aliases: CVE-2017-7687 GHSA-x869-784m-jmj2 |
Uncontrolled Resource Consumption When handling a decoding failure for a malformed URL path of an HTTP request, `libprocess` in Apache Mesos might crash because the code accidentally calls inappropriate function. A malicious actor can cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-t39q-ds43-9kee
Aliases: CVE-2018-11793 GHSA-p2xq-vcm7-xjj6 |
Improper Restriction of Operations within the Bounds of a Memory Buffer When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos might overflow the stack due to unbounded recursion. |
Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-yvsq-zaa9-kqg6
Aliases: CVE-2018-1000420 GHSA-23xr-9xxr-vg3c |
Incorrect Authorization An improper authorization vulnerability exists in the Jenkins Mesos Plugin in `MesosCloud.java` that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. |
Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||