CVE-2024-22281

Name
CVE-2024-22281
Description
** UNSUPPORTED WHEN ASSIGNED ** The Apache Helix Front (UI) component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front (UI): all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
NVD Severity
unknown

References

Type             URI
vendor-advisory  https://lists.apache.org/thread/zt26fpmrqx3fzcy8nv3b43kb3xllo5ny
Mailing List     http://www.openwall.com/lists/oss-security/2024/08/20/3

Match rules

CPE URI                                 Source package           Min version  Max version
-                                       apache-helix-front-(ui)  >= 0         <= *
cpe:2.3:a:apache:helix:*:*:*:*:*:*:*:*  helix                    == None      == None

Vulnerable and fixed packages

Source package  Branch          Version     Maintainer                        Status
helix           edge-community  25.07.1-r2  Jakub Jirutka <jakub@jirutka.cz>  possibly vulnerable
helix           edge-community  25.07.1-r1  Jakub Jirutka <jakub@jirutka.cz>  possibly vulnerable
helix           edge-community  25.07.1-r0  Jakub Jirutka <jakub@jirutka.cz>  possibly vulnerable
helix           edge-community  25.01.1-r3  Jakub Jirutka <jakub@jirutka.cz>  possibly vulnerable
helix           edge-community  25.01.1-r2  Jakub Jirutka <jakub@jirutka.cz>  possibly vulnerable
helix           edge-community  25.01.1-r1  Jakub Jirutka <jakub@jirutka.cz>  possibly vulnerable
helix           edge-community  25.01.1-r0  Jakub Jirutka <jakub@jirutka.cz>  possibly vulnerable
helix           edge-community  24.07-r0    Jakub Jirutka <jakub@jirutka.cz>  possibly vulnerable
helix           3.23-community  25.07.1-r1  Jakub Jirutka <jakub@jirutka.cz>  possibly vulnerable
helix           3.22-community  25.01.1-r3  Jakub Jirutka <jakub@jirutka.cz>  possibly vulnerable
helix           3.22-community  24.07-r0    Jakub Jirutka <jakub@jirutka.cz>  possibly vulnerable