Apache HertzBeat affected by CVE-2024-45791

A vulnerability in Apache HertzBeat affects versions prior to 1.6.1 and could allow unauthorized actors to access sensitive information.

The vulnerability, tracked as CVE-2024-45791 with a CVSS score of 7.5, involves the exposure of sensitive tokens via the HTTP GET method with a query string. Threat actors could potentially exploit this to gain unauthorized access to sensitive data, compromising the confidentiality of monitored systems and user information.

The Apache Software Foundation has issued an advisory urging all users to update their HertzBeat installations to version 1.6.1 or later, which includes the necessary security patches to address the vulnerability and prevent unauthorized access to sensitive information.

While the exact details of the vulnerability have not been disclosed to prevent potential exploitation, the issue highlights the importance of regular security audits and timely updates for open-source software projects.

Users and administrators of Apache HertzBeat are advised to review their current installations, apply the necessary updates, and follow best security practices for securing their monitoring environments to protect against potential data exfiltration attempts.
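Because query strings are written to web server and proxy access logs, reviewing an installation can include checking those logs for tokens that were sent in GET requests. The following is an added example, not code from the advisory or from HertzBeat: the parameter names, paths and log lines are assumptions constructed for illustration, and the log format is assumed to be the common combined format.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumed parameter names that commonly carry credentials; not taken from HertzBeat.
SENSITIVE_PARAMS = {"token", "access_token", "refresh_token",
                    "authorization", "apikey", "api_key"}
# JWT-shaped value: three base64url segments, the first starting with "eyJ".
JWT_RE = re.compile(r"^eyJ[\w-]+\.[\w-]+\.[\w-]+$")
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def audit_line(line):
    """Return (method, redacted_target, leaked_param_names), or None if clean."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    leaked, cleaned = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # Flag by parameter name, or by value shape when the name is unfamiliar.
        if name.lower() in SENSITIVE_PARAMS or JWT_RE.match(value):
            leaked.append(name)
            value = "REDACTED"  # never copy the secret into the report
        cleaned.append((name, value))
    if not leaked:
        return None
    redacted = urlunsplit(parts._replace(query=urlencode(cleaned)))
    return m.group("method"), redacted, leaked


# Constructed sample log lines (paths, parameters and addresses are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2024:10:00:00 +0000] "GET /api/example?token=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhIn0.c2ln&page=1 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Oct/2024:10:00:05 +0000] "GET /api/example?page=2 HTTP/1.1" 200 498',
    '192.0.2.12 - - [01/Oct/2024:10:00:09 +0000] "GET /stream?session=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJiIn0.c2ln HTTP/1.1" 200 64',
]


def audit(lines):
    """Collect a finding for every line carrying a credential in its query string."""
    return [finding for finding in map(audit_line, lines) if finding]


if __name__ == "__main__":
    for method, target, names in audit(SAMPLE_LOG):
        print(f"{method} {target} leaked={names}")
```

Any token the audit finds should be treated as disclosed and rotated after upgrading, since it may also sit in upstream proxy logs and browser history.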
