Lucene search
GoogleOSV:CVE-2017-5646HistoryMay 26, 2017 - 9:29 p.m.
CVE-2017-5646
2017-05-2621:29:00
Google
osv.dev
1
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be easily associated with the authenticated user, this is still a serious security issue. All users are recommended to upgrade to the Apache Knox 0.12.0 release.
| CPE | Name | Operator | Version |
|---|---|---|---|
| knox | eq | 0.4.0-rc1 | |
| knox | eq | 0.5.0-branch | |
| knox | eq | 0.4.0-branch | |
| knox | eq | 0.2.0-rc2 | |
| knox | eq | 0.3.0-branch | |
| knox | eq | 0.2.0-rc1 | |
| knox | eq | 0.4.0-release | |
| knox | eq | 0.2.0-branch | |
| knox | eq | 0.1.0-m1 | |
| knox | eq | 0.4.0-rc0 |
Related
nvd
nvd
CVE-2017-5646
2017-05-26 21:29:00
cvelist
cvelist
CVE-2017-5646
2017-05-26 21:00:00
prion
prion
Code injection
2017-05-26 21:29:00
veracode
veracode
Escalation Of Privileges
2017-05-27 03:13:27
cve
cve
CVE-2017-5646
2017-05-26 21:29:00