Apache Druid has a vulnerability that allows authenticated users to read data from unintended sources, such as the local file system, using the HTTP InputSource. Despite an earlier fix attempt, the issue persists in versions 0.21.1 and earlier.
Understanding CVE-2021-36749
This CVE describes a security loophole in Apache Druid that lets authenticated users read data from sources they are not authorized to access.
What is CVE-2021-36749?
In the Druid ingestion system, the HTTP InputSource permits authenticated users to read data from unintended sources like the local file system.
The Impact of CVE-2021-36749
This vulnerability could allow users to bypass application-level restrictions and potentially access sensitive data.
Technical Details of CVE-2021-36749
The vulnerability lies in the InputSource functionality, particularly the HTTP InputSource, allowing users to read data from unauthorized sources.
Vulnerability Description
Users who interact with Druid only indirectly, through an application that lets them specify an HTTP InputSource, could exploit this issue to reach data the application did not intend to expose.
Affected Systems and Versions
Apache Druid versions 0.21.1 and earlier are affected by this vulnerability.
Exploitation Mechanism
By passing a URL with the file scheme instead of an HTTP URL to the HTTP InputSource, users can circumvent application-level restrictions and read from the Druid server's local file system.
Mitigation and Prevention
To address CVE-2021-36749, users are advised to upgrade to version 0.22.0 or later to eliminate this security risk.
Immediate Steps to Take
Upgrade to Apache Druid version 0.22.0 or above to mitigate this vulnerability.
Long-Term Security Practices
Disallowing InputSources that can read local files (the Local, HTTP, and HDFS InputSources) in applications that accept user-supplied ingestion specs reduces the exposure.
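One way an application that forwards user-supplied ingestion specs to Druid can enforce the restriction described under Exploitation Mechanism and the practice above, as an added example that is not part of the original advisory or of Druid itself: deny the Local and HDFS types outright, and accept the HTTP type only when every URI uses the http or https scheme. The spec layout (spec.ioConfig.inputSource, the "uris" field, and the "combining" source's "delegates") follows Druid's task ingestion spec; the sample spec and its file path are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

# InputSource types the advisory says can read files local to the Druid process. The HTTP
# type stays allowed, but only with http(s) URIs: a file URL handed to it is the bypass.
DENIED_TYPES = {"local", "hdfs"}
ALLOWED_HTTP_SCHEMES = {"http", "https"}


def check_input_source(source: dict) -> list[str]:
    """Return policy violations for one inputSource object (empty list = accepted)."""
    problems = []
    src_type = str(source.get("type", "")).lower()
    if not src_type:
        problems.append("inputSource has no type; refusing to guess")
    elif src_type in DENIED_TYPES:
        problems.append(f"inputSource type '{src_type}' can read the Druid host's own storage")
    elif src_type == "http":
        for uri in source.get("uris", []):
            scheme = urlsplit(str(uri)).scheme.lower()
            if scheme not in ALLOWED_HTTP_SCHEMES:
                problems.append(f"uri {uri!r} uses scheme '{scheme or '(none)'}', not http/https")
    elif src_type == "combining":
        # The combining inputSource nests other sources under "delegates"; check each one.
        for delegate in source.get("delegates", []):
            problems.extend(check_input_source(delegate))
    return problems


def validate_ingestion_spec(spec: dict) -> list[str]:
    """Validate the inputSource inside a Druid task ingestion spec (spec.ioConfig.inputSource)."""
    source = spec.get("spec", {}).get("ioConfig", {}).get("inputSource")
    if not isinstance(source, dict):
        return ["spec.ioConfig.inputSource is missing"]
    return check_input_source(source)


# Constructed sample: a spec a user of a front-end application might submit. The second URI
# does not point at a web server at all; the placeholder path stands for any local file.
SUSPECT_SPEC = json.loads("""
{"type": "index_parallel",
 "spec": {"ioConfig": {"type": "index_parallel",
   "inputSource": {"type": "http",
                   "uris": ["https://data.example.org/events.json",
                            "file:///tmp/placeholder-local-file.json"]},
   "inputFormat": {"type": "json"}}}}
""")

if __name__ == "__main__":
    for problem in validate_ingestion_spec(SUSPECT_SPEC):
        print("REJECT:", problem)
```

The check belongs in the application layer in front of Druid; it complements, rather than replaces, upgrading to 0.22.0 or later.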
Patching and Updates
Regularly updating Apache Druid to the latest version is crucial to prevent vulnerabilities like CVE-2021-36749.