oss-sec mailing list archives
[CVE-2018-11764] Apache Hadoop Privilege escalation in web endpoint
From: Akira Ajisaka <aajisaka () apache org>
Date: Wed, 21 Oct 2020 15:21:39 +0900
CVE-2018-11764: Apache Hadoop Privilege escalation in web endpoint

Severity: Critical

Vendor: The Apache Software Foundation

Versions affected: 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0

Description: Web endpoint authentication check is broken. Authenticated users may impersonate any user even if no proxy user is configured.

Mitigation: Users should upgrade to Apache Hadoop 3.0.1 or upper.

Credit: This issue was discovered by Daryn Sharp.