GHSA-f8vc-wfc8-hxqh
Suggest an improvement- Source
- https://github.com/advisories/GHSA-f8vc-wfc8-hxqh
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-f8vc-wfc8-hxqh/GHSA-f8vc-wfc8-hxqh.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-f8vc-wfc8-hxqh
- Aliases
- Published
- 2022-02-09T22:17:38Z
- Modified
- 2024-03-08T05:18:25.839276Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Improper Privilege Management in Apache Hadoop
- Details
-
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.
- Database specific
{ "github_reviewed": true, "severity": "HIGH", "github_reviewed_at": "2021-04-06T18:29:12Z", "nvd_published_at": "2021-01-26T18:16:00Z", "cwe_ids": [ "CWE-269", "CWE-863" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-9492
- https://github.com/apache/hadoop/commit/ca65409836d2949e9a9408d40bec0177b414cd5d
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://security.netapp.com/advisory/ntap-20210304-0001
- https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e@%3Cissues.solr.apache.org%3E
- https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710@%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f@%3Cissues.solr.apache.org%3E
- https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26@%3Cissues.solr.apache.org%3E
- https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4@%3Cissues.solr.apache.org%3E
- https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6@%3Cissues.solr.apache.org%3E
- https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02@%3Cissues.solr.apache.org%3E
- https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370@%3Cissues.solr.apache.org%3E
- https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb@%3Cissues.solr.apache.org%3E
- https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429@%3Ccommits.druid.apache.org%3E
- https://github.com/apache/hadoop
Affected packages
Maven / org.apache.hadoop:hadoop-common
Package
- Name
- org.apache.hadoop:hadoop-common
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.hadoop/hadoop-common
Maven / org.apache.hadoop:hadoop-common
Package
- Name
- org.apache.hadoop:hadoop-common
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.hadoop/hadoop-common
Maven / org.apache.hadoop:hadoop-common
Package
- Name
- org.apache.hadoop:hadoop-common
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.hadoop/hadoop-common
Affected versions
2.*
2.0.1-alpha
2.0.2-alpha
2.0.3-alpha
2.0.4-alpha
2.0.5-alpha
2.0.6-alpha
2.1.0-beta
2.1.1-beta
2.2.0
2.3.0
2.4.0
2.4.1
2.5.0
2.5.1
2.5.2
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.9.0
2.9.1
2.9.2
2.10.0