GHSA-c6f9-4pmv-m7m6

Suggest an improvement
Source
https://github.com/advisories/GHSA-c6f9-4pmv-m7m6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c6f9-4pmv-m7m6/GHSA-c6f9-4pmv-m7m6.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-c6f9-4pmv-m7m6
Aliases
  • CVE-2012-1574
Published
2022-05-17T02:54:07Z
Modified
2024-12-06T05:34:11.470589Z
Summary
Apache Hadoop allows impersonation of arbitrary cluster user accounts
Details

The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.

Database specific
{
    "nvd_published_at": "2012-04-12T10:45:00Z",
    "cwe_ids": [
        "CWE-287"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-29T21:08:04Z"
}
References

Affected packages

Maven / org.apache.hadoop:hadoop-main

Package

Name
org.apache.hadoop:hadoop-main
View open source insights on deps.dev
Purl
pkg:maven/org.apache.hadoop/hadoop-main

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.23
Fixed
0.23.2

Affected versions

0.*

0.23.1

Maven / org.apache.hadoop:hadoop-main

Package

Name
org.apache.hadoop:hadoop-main
View open source insights on deps.dev
Purl
pkg:maven/org.apache.hadoop/hadoop-main

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0
Fixed
1.0.2