CVE-2018-11765

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-11765
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-11765.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-11765
Aliases
Published
2020-09-30T18:15:15.477Z
Modified
2026-02-11T10:30:12.848292Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.

References

Affected packages

Git / github.com/apache/hadoop

Affected ranges

Type
GIT
Repo
https://github.com/apache/hadoop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c25427ceca461ee979d30edd7a4b0f50718e6533
Introduced
756ebc8394e473ac25feac05fa493f6d612e6c50
Last affected
826afbeae31ca687bc2f8471dc841b66ed2c6704
Introduced
91f2b7a13d1e97be65db92ddabc627cc29ac0009
Last affected
0b8464d75227fcee2c6e7f2410377b3d53d3d5f8

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-11765.json"