Threat actors are actively exploiting a recently discovered critical security flaw affecting Apache HugeGraph-Server that could lead to remote code execution attacks.
Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability affects all software versions prior to 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API.
“Users are advised to upgrade to version 1.3.0 with Java11 and enable the authentication system, which fixes the problem,” the Apache Software Foundation noted at the end of April 2024. “Also, you can enable the ‘Whitelist-IP/port’ function to increase the security of the RESTful-API execution.”
Additional technical details of the flaw were published by penetration testing firm SecureLayer7 in early June, which claimed it could allow an attacker to bypass sandboxing restrictions and achieve code execution, giving them full control over a vulnerable server.
The Shadowserver Foundation said this week that it has observed attempts in the wild to exploit the flaw, so users need to apply the latest patches quickly.
“We are observing attempts to exploit the Apache HugeGraph-Server CVE-2024-27348 RCE ‘POST /gremlin’ from various sources,” it said. “Proof-of-concept code has been publicly available since early June. If you run HugeGraph, be sure to update.”
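As an added defender-side example, not part of the original article: a small Python check that scans access-log lines for the `POST /gremlin` requests Shadowserver describes and flags those coming from addresses outside an allow-list, mirroring the Whitelist-IP mitigation Apache recommends. The log format (Common Log Format from a reverse proxy in front of HugeGraph-Server) and the allow-list are assumptions, and the sample lines are constructed.

```python
import re
import ipaddress

# Constructed sample lines in Common Log Format (assumption: a reverse proxy in
# front of HugeGraph-Server logs requests this way; not HugeGraph's own format).
SAMPLE_LOG = """\
10.0.0.5 - - [20/Jun/2024:10:01:02 +0000] "GET /graphs HTTP/1.1" 200 512
203.0.113.7 - - [20/Jun/2024:10:01:05 +0000] "POST /gremlin HTTP/1.1" 200 1331
10.0.0.5 - - [20/Jun/2024:10:01:09 +0000] "POST /gremlin HTTP/1.1" 200 87
198.51.100.9 - - [20/Jun/2024:10:01:11 +0000] "POST /gremlin HTTP/1.1" 401 0
203.0.113.7 - - [20/Jun/2024:10:01:15 +0000] "POST /gremlin/ HTTP/1.1" 200 640
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Hypothetical allow-list, mirroring the server-side "Whitelist-IP" function.
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def is_allowed(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETS)

def find_gremlin_alerts(log_text, allowed=is_allowed):
    """Return (ip, timestamp, status, reached_api) for POST /gremlin requests
    from outside the allow-list. reached_api is True for a 2xx response, i.e.
    the request was handled by the Gremlin API instead of being rejected."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # Normalise query strings and trailing slashes so "/gremlin/" matches too.
        path = m["path"].split("?", 1)[0].rstrip("/")
        if m["method"] != "POST" or path != "/gremlin":
            continue
        if allowed(m["ip"]):
            continue
        status = int(m["status"])
        alerts.append((m["ip"], m["ts"], status, status < 300))
    return alerts

if __name__ == "__main__":
    for ip, ts, status, reached in find_gremlin_alerts(SAMPLE_LOG):
        print(f"{'ALERT' if reached else 'blocked'} {ip} {ts} POST /gremlin -> {status}")
```

Requests that returned 2xx from outside the allow-list are the ones to page on; a 401/403 shows the authentication system or whitelist did its job.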
Vulnerabilities discovered in Apache projects have been lucrative attack vectors for nation-state and financially motivated threat actors in recent years; flaws in Log4j, ActiveMQ, and RocketMQ have been heavily exploited to infiltrate target environments.