GHSA-rhh9-cm65-3w54
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rhh9-cm65-3w54
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-rhh9-cm65-3w54/GHSA-rhh9-cm65-3w54.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-rhh9-cm65-3w54
- Aliases
- Published
- 2021-04-30T17:29:30Z
- Modified
- 2024-02-17T05:34:25.579486Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Improper Authentication in Apache Hadoop
- Details
-
In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.
- Database specific
{ "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-04-27T21:56:41Z", "cwe_ids": [ "CWE-287" ], "nvd_published_at": "2020-09-30T18:15:00Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-11765
- https://lists.apache.org/thread.html/r17d94d132b207dad221595fd8b8b18628f5f5ec7e3f5be939ecd8928@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r2c7f899911a04164ed1707083fcd4135f8427e04778c87d83509b0da%40%3Cgeneral.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r46447f38ea8c89421614e9efd7de5e656186d35e10fc97cf88477a01@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r74825601e93582167eb7cdc2f764c74c9c6d8006fa90018562fda60f@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r79b15c5b66c6df175d01d7560adf0cd5c369129b9a161905e0339927@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/rb241464d83baa3749b08cd3dabc8dba70a9a9027edcef3b5d4c24ef4@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/rbe25cac0f499374f8ae17a4a44a8404927b56de28d4c41940d82b7a4@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/reea5eb8622afbfbfca46bc758f79db83d90a3263a906c4d1acba4971@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/rf9dfa8b77585c9227db9637552eebb2ab029255a0db4eb76c2b6c4cf@%3Cdev.druid.apache.org%3E
- https://security.netapp.com/advisory/ntap-20201016-0005
Affected packages
Maven / org.apache.hadoop:hadoop-main
Package
- Name
- org.apache.hadoop:hadoop-main
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.hadoop/hadoop-main
Maven / org.apache.hadoop:hadoop-main
Package
- Name
- org.apache.hadoop:hadoop-main
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.hadoop/hadoop-main
Maven / org.apache.hadoop:hadoop-main
Package
- Name
- org.apache.hadoop:hadoop-main
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.hadoop/hadoop-main