cnvd - cnvd-2023-05273

cnvd-2023-05273

Vulnerability from cnvd

Title: Apache Calcite点击劫持漏洞

Description:

Apache Calcite是一个动态数据管理框架，它具备很多典型数据库管理系统的功能，比如SQL解析、SQL校验、SQL查询优化、SQL生成以及数据连接查询等。

Apache Calcite 1.26之前版本存在点击劫持漏洞，该漏洞源于程序未充分保护HTML iframe。攻击者可利用该漏洞发起中间人攻击。

Severity: 中

Patch Name: Apache Calcite点击劫持漏洞的补丁

Patch Description:

Apache Calcite是一个动态数据管理框架，它具备很多典型数据库管理系统的功能，比如SQL解析、SQL校验、SQL查询优化、SQL生成以及数据连接查询等。

Apache Calcite 1.26之前版本存在点击劫持漏洞，该漏洞源于程序未充分保护HTML iframe。攻击者可利用该漏洞发起中间人攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://lists.apache.org/thread.html/r0b0fbe2038388175951ce1028182d980f9e9a7328be13d52dab70bb3%40%3Cdev.calcite.apache.org%3E

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13955

Impacted products

Name
Apache Calcite <1.26

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-13955",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-13955"
    }
  },
  "description": "Apache Calcite\u662f\u4e00\u4e2a\u52a8\u6001\u6570\u636e\u7ba1\u7406\u6846\u67b6\uff0c\u5b83\u5177\u5907\u5f88\u591a\u5178\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u7684\u529f\u80fd\uff0c\u6bd4\u5982SQL\u89e3\u6790\u3001SQL\u6821\u9a8c\u3001SQL\u67e5\u8be2\u4f18\u5316\u3001SQL\u751f\u6210\u4ee5\u53ca\u6570\u636e\u8fde\u63a5\u67e5\u8be2\u7b49\u3002\n\nApache Calcite 1.26\u4e4b\u524d\u7248\u672c\u5b58\u5728\u70b9\u51fb\u52ab\u6301\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u5145\u5206\u4fdd\u62a4HTML iframe\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53d1\u8d77\u4e2d\u95f4\u4eba\u653b\u51fb\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://lists.apache.org/thread.html/r0b0fbe2038388175951ce1028182d980f9e9a7328be13d52dab70bb3%40%3Cdev.calcite.apache.org%3E",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-05273",
  "openTime": "2023-01-30",
  "patchDescription": "Apache Calcite\u662f\u4e00\u4e2a\u52a8\u6001\u6570\u636e\u7ba1\u7406\u6846\u67b6\uff0c\u5b83\u5177\u5907\u5f88\u591a\u5178\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u7684\u529f\u80fd\uff0c\u6bd4\u5982SQL\u89e3\u6790\u3001SQL\u6821\u9a8c\u3001SQL\u67e5\u8be2\u4f18\u5316\u3001SQL\u751f\u6210\u4ee5\u53ca\u6570\u636e\u8fde\u63a5\u67e5\u8be2\u7b49\u3002\r\n\r\nApache Calcite 1.26\u4e4b\u524d\u7248\u672c\u5b58\u5728\u70b9\u51fb\u52ab\u6301\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u5145\u5206\u4fdd\u62a4HTML iframe\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53d1\u8d77\u4e2d\u95f4\u4eba\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Calcite\u70b9\u51fb\u52ab\u6301\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Calcite \u003c1.26"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-13955",
  "serverity": "\u4e2d",
  "submitTime": "2020-10-11",
  "title": "Apache Calcite\u70b9\u51fb\u52ab\u6301\u6f0f\u6d1e"
}

CVE-2020-13955 (GCVE-0-2020-13955)

Vulnerability from cvelistv5

Published

2020-10-09 12:33

Modified

2024-08-04 12:32

Severity ?

CWE

Information Disclosure

Summary

HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, the hostname verification will be performed using the default JVM truststore.

References

▼	URL	Tags
	https://lists.apache.org/thread.html/r0b0fbe2038388175951ce1028182d980f9e9a7328be13d52dab70bb3%40%3Cdev.calcite.apache.org%3E	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Apache Calcite	Version: Apache Calcite 0.8 to 1.25

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:32:14.444Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0b0fbe2038388175951ce1028182d980f9e9a7328be13d52dab70bb3%40%3Cdev.calcite.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Calcite",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Calcite 0.8 to 1.25"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, the hostname verification will be performed using the default JVM truststore."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-09T12:33:50",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r0b0fbe2038388175951ce1028182d980f9e9a7328be13d52dab70bb3%40%3Cdev.calcite.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-13955",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Calcite",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Calcite 0.8 to 1.25"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, the hostname verification will be performed using the default JVM truststore."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/r0b0fbe2038388175951ce1028182d980f9e9a7328be13d52dab70bb3%40%3Cdev.calcite.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r0b0fbe2038388175951ce1028182d980f9e9a7328be13d52dab70bb3%40%3Cdev.calcite.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-13955",
    "datePublished": "2020-10-09T12:33:50",
    "dateReserved": "2020-06-08T00:00:00",
    "dateUpdated": "2024-08-04T12:32:14.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted