CVE-2018-8088 Information
Description
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.securityfocus.com/bid/103737 http://www.securitytracker.com/id/1040627 https://access.redhat.com/errata/RHSA-2018:0582 https://access.redhat.com/errata/RHSA-2018:0592 https://access.redhat.com/errata/RHSA-2018:0627 https://access.redhat.com/errata/RHSA-2018:0628 https://access.redhat.com/errata/RHSA-2018:0629 https://access.redhat.com/errata/RHSA-2018:0630 https://access.redhat.com/errata/RHSA-2018:1247 https://access.redhat.com/errata/RHSA-2018:1248 https://access.redhat.com/errata/RHSA-2018:1249 https://access.redhat.com/errata/RHSA-2018:1251 https://access.redhat.com/errata/RHSA-2018:1323 https://access.redhat.com/errata/RHSA-2018:1447 https://access.redhat.com/errata/RHSA-2018:1448 https://access.redhat.com/errata/RHSA-2018:1449 https://access.redhat.com/errata/RHSA-2018:1450 https://access.redhat.com/errata/RHSA-2018:1451 https://access.redhat.com/errata/RHSA-2018:1525 https://access.redhat.com/errata/RHSA-2018:1575 https://access.redhat.com/errata/RHSA-2018:2143 https://access.redhat.com/errata/RHSA-2018:2419 https://access.redhat.com/errata/RHSA-2018:2420 https://access.redhat.com/errata/RHSA-2018:2669 https://access.redhat.com/errata/RHSA-2018:2930 https://access.redhat.com/errata/RHSA-2019:2413 https://access.redhat.com/errata/RHSA-2019:3140 https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405 https://jira.qos.ch/browse/SLF4J-430 https://jira.qos.ch/browse/SLF4J-431 https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f@3Cdevnull.infra.apache.org3E https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa@3Cdevnull.infra.apache.org3E https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489@3Ccommon-issues.hadoop.apache.org3E https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0@3Ccommon-issues.hadoop.apache.org3E https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25@3Cnotifications.logging.apache.org3E https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991@3Ccommon-issues.hadoop.apache.org3E https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78@3Ccommon-commits.hadoop.apache.org3E https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462@3Ccommon-commits.hadoop.apache.org3E https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378@3Ccommon-dev.hadoop.apache.org3E https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264@3Ccommon-issues.hadoop.apache.org3E https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: