Vulnerabilities > CVE-2021-36152 - Unspecified vulnerability in Apache Gobblin

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

apache

NVD

Published: 2022-02-04

Updated: 2022-02-09

Summary

Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Gobblin *	1

References

https://lists.apache.org/thread/3bxf7rbf4zh95r78jtgth6gwhr5fyl2j