
List:       oss-security
Subject:    [oss-security] [CVE-2018-11764] Apache Hadoop Privilege escalation in web endpoint
From:       Akira Ajisaka <aajisaka () apache ! org>
Date:       2020-10-21 6:21:39
Message-ID: CAP+3qq4w3UX6hdjr2SszhtfXUpbrg16PMyyJPHT+8PXimBTPMg () mail ! gmail ! com

CVE-2018-11764: Apache Hadoop Privilege escalation in web endpoint

Severity: Critical

Vendor: The Apache Software Foundation

Versions affected:
3.0.0-alpha4, 3.0.0-beta1, and 3.0.0

Description:
The web endpoint authentication check is broken. Authenticated users may
impersonate any user, even if no proxy user is configured.

Mitigation:
Users should upgrade to Apache Hadoop 3.0.1 or later.

Credit:
This issue was discovered by Daryn Sharp.