Description
Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.
A flaw was found in Apache Hadoop, where the Web endpoint authentication check is broken. This flaw allows authenticated users to impersonate any user even if no proxy user is configured.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | hadoop | Not affected | ||
| Red Hat Integration Camel K 1 | hadoop | Not affected | ||
| Red Hat JBoss Data Grid 7 | hadoop-core | Not affected | ||
| Red Hat JBoss Data Virtualization 6 | hadoop-core | Out of support scope | ||
| Red Hat JBoss Fuse 6 | hadoop-core | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-hadoop | Not affected | ||
Additional information
Status:
Important
Defect:
CWE-287
https://bugzilla.redhat.com/show_bug.cgi?id=1890161 hadoop: privilege escalation in web endpoint
EPSS
Percentile: 40%
0.00185
Low
8.8 High
CVSS3
Related vulnerabilities
CVSS3: 8.8
nvd
more than 5 years ago
Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.
CVSS3: 8.8
debian
more than 5 years ago
Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alp ...