CVE-2018-1320
ADVISORY - githubSummary
Apache Thrift Java client library versions 0.5.0 prior to 0.9.3-1 and 0.10.0 prior to 0.12.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.
EPSS Score: 0.00092 (0.256)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Certificate Validation
ADVISORY - gitlab
ADVISORY - redhat
Improper Authentication
NIST
CREATED
UPDATED
ADVISORY IDCVE-2018-1320
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.5highGitHub
CVSS SCORE
7.5highDebian
CREATED
UPDATED
ADVISORY IDCVE-2018-1320
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2018-1320
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
7.5mediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2018-1320
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.5mediumChainguard
CREATED
UPDATED
ADVISORY ID
CGA-j6pj-cf6r-2g3f
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-w2gp-wc62-wqxq
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-