漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Uniffle: Insecure SSL Configuration in Uniffle HTTP Client
Vulnerability Description
The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle (MITM) attacks. This issue affects all versions from before 0.10.0. Users are recommended to upgrade to version 0.10.0, which fixes the issue.
CVSS Information
N/A
Vulnerability Type
对宿主不匹配的证书验证不恰当
Vulnerability Title
Apache Uniffle 安全漏洞
Vulnerability Description
Apache Uniffle是Apache基金会的一个远程混洗服务。 Apache Uniffle 0.10.0之前版本存在安全漏洞,该漏洞源于HTTP客户端配置不安全,信任所有SSL证书并禁用主机名验证,可能导致中间人攻击。
CVSS Information
N/A
Vulnerability Type
N/A