{"id":"CVE-2019-0202","details":"The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints.","aliases":["GHSA-r9pv-hg64-jqrp"],"modified":"2026-03-12T22:56:57.227547Z","published":"2019-07-26T00:15:11.027Z","related":["SUSE-SU-2020:2876-1","SUSE-SU-2020:3309-1"],"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/220f1a77ff20749326a4c130446c5521db854da0afe81d1974b8109f%40%3Cuser.storm.apache.org%3E"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/storm","events":[{"introduced":"20ce2bb9088e793b3b019110d07e77896bb642e8"},{"last_affected":"d2d6f40344e6cc92ab07f3a462d577ef6b61f8b1"},{"introduced":"0"},{"last_affected":"ffc7a81bfba60c735dd6801af4f5e8db3812658c"},{"introduced":"0"},{"last_affected":"79089ad0da80e38eb36b7ea91be8b43795dc4efb"}],"database_specific":{"versions":[{"introduced":"0.9.3"},{"last_affected":"1.2.2"},{"introduced":"0"},{"last_affected":"0.9.1-incubating"},{"introduced":"0"},{"last_affected":"0.9.2-incubating"}]}}],"versions":["v0.9.2-incubating-security","v0.9.3","v1.0.0","v1.0.1","v1.1.0","v1.2.0","v1.2.1","v1.2.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-0202.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}