CNNVD-202511-2897 Information

CNNVD ID

CNNVD-202511-2897

CVE-2025-59390

  • CNNVD Published: 2025-11-26

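Description (translated from Chinese)

Apache Druid is an open-source, column-oriented distributed database written in Java, from the Apache Foundation (United States). Apache Druid 34.0.0 and earlier versions contain a security vulnerability that stems from the Kerberos authenticator using a weak fallback key, which may lead to authentication bypass.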

Description (English)

Apache Druid is an open-source, column-oriented database from the Apache Foundation, written in Java. Apache Druid 34.0.0 and earlier versions contain a security vulnerability that stems from the Kerberos authenticator's use of a weak fallback key, which may allow authentication to be bypassed.

Hazard Level

Critical

Vulnerability Type

Other

Affected Vendor

Apache

Published

2025-11-26

Last Modified

2026-02-24

References

  • https://lists.apache.org/thread/jwjltllnntgj1sb9wzsjmvwm9f8rlhg8
  • http://www.openwall.com/lists/oss-security/2025/11/26/1
  • https://access.redhat.com/security/cve/cve-2025-59390

Patch

https://lists.apache.org/thread/jwjltllnntgj1sb9wzsjmvwm9f8rlhg8
