You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.
CVE-2018-11765 - High Severity Vulnerability
Vulnerable Library - hadoop-common-2.8.5.jar
Apache Hadoop Common
Path to dependency file: /pom.xml
Path to vulnerable library: /ory/org/apache/hadoop/hadoop-common/2.8.5/hadoop-common-2.8.5.jar
Dependency Hierarchy:
Found in HEAD commit: dd7cd6660b3c3d0de5f379d8294b49e38a94ca65
Found in base branch: master
Vulnerability Details
In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.
Publish Date: 2020-09-30
URL: CVE-2018-11765
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1883549
Release Date: 2020-07-21
Fix Resolution: org.apache.hadoop:hadoop-common:2.8.6,2.9.3,3.0.1
⛑️ Automatic Remediation is available for this issue
The text was updated successfully, but these errors were encountered: