CVE-2024-43441— Apache HugeGraph-Server: Fixed JWT Token(Secret)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-43441
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache HugeGraph-Server: Fixed JWT Token(Secret)
Source: NVD (National Vulnerability Database)
Vulnerability Description
Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用假设不可变数据进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache HugeGraph 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache HugeGraph是美国阿帕奇(Apache)基金会的一个速度快、可扩展性强的图形数据库。 Apache HugeGraph 1.0.0版本至1.5.0之前版本存在安全漏洞,该漏洞源于存在假定不可变数据漏洞,攻击者可以绕过身份验证。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache HugeGraph-Server | 1.0.0 ~ 1.5.0 | - |
II. Public POCs for CVE-2024-43441
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E6%95%B0%E6%8D%AE%E5%BA%93%E6%BC%8F%E6%B4%9E/Apache%20HugeGraph%20JWT%20Token%20%E5%AF%86%E9%92%A5%E7%A1%AC%E7%BC%96%E7%A0%81%E6%BC%8F%E6%B4%9E%20CVE-2024-43441.md | POC Details |
| 2 | https://github.com/vulhub/vulhub/blob/master/hugegraph/CVE-2024-43441/README.md | POC Details | |
| 3 | Apache HugeGraph-Server versions prior to 1.5.0 contain an authentication bypass vulnerability caused by assumed-immutable data. This flaw allows attackers to bypass authentication mechanisms without requiring specific privileges or user interaction. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-43441.yaml | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-43441
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
Same weakness: CWE-302
- CVE-2026-28510
elabftw allows MFA bypass during login - CVE-2026-27840
ZITADEL's truncated opaque tokens are still valid - CVE-2024-45370
Socomec Easy Config System 安全漏洞 - CVE-2025-47158
Azure DevOps Server Elevation of Privilege Vulnerability - CVE-2025-20285
Cisco Identity Services Engine IP Filter Access Restriction
V. Comments for CVE-2024-43441
No comments yet