CVE-2018-11785

Опубликовано: 24 окт. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query.

Ссылки

http://www.securityfocus.com/bid/105742
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247%40%3Cdev.impala.apache.org%3E
http://www.securityfocus.com/bid/105742
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247%40%3Cdev.impala.apache.org%3E

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:impala:*:*:*:*:*:*:*:*

Версия до 3.0.1 (исключая)

EPSS

Процентиль: 29%

0.00108

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-4jv4-cqp4-66cr