Lucene search

GoogleOSV:GHSA-RHH9-CM65-3W54

HistoryApr 30, 2021 - 5:29 p.m.

Improper Authentication in Apache Hadoop

2021-04-3017:29:30

Google

osv.dev

0.003 Low

EPSS

Percentile

67.9%

JSON

In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.

CPENameOperatorVersion
org.apache.hadoop:hadoop-maineq3.0.0
org.apache.hadoop:hadoop-maineq3.0.0-alpha3
org.apache.hadoop:hadoop-maineq2.8.3
org.apache.hadoop:hadoop-maineq2.9.1
org.apache.hadoop:hadoop-maineq2.8.2
org.apache.hadoop:hadoop-maineq2.9.2
org.apache.hadoop:hadoop-maineq3.0.0-alpha4
org.apache.hadoop:hadoop-maineq2.8.4
org.apache.hadoop:hadoop-maineq3.0.0-alpha2
org.apache.hadoop:hadoop-maineq3.0.0-beta1

Name	Operator	Version
org.apache.hadoop:hadoop-main	eq	3.0.0
org.apache.hadoop:hadoop-main	eq	3.0.0-alpha3
org.apache.hadoop:hadoop-main	eq	2.8.3
org.apache.hadoop:hadoop-main	eq	2.9.1
org.apache.hadoop:hadoop-main	eq	2.8.2
org.apache.hadoop:hadoop-main	eq	2.9.2
org.apache.hadoop:hadoop-main	eq	3.0.0-alpha4
org.apache.hadoop:hadoop-main	eq	2.8.4
org.apache.hadoop:hadoop-main	eq	3.0.0-alpha2
org.apache.hadoop:hadoop-main	eq	3.0.0-beta1

Rows per page:

1-10 of 141

References

lists.apache.org/thread.html/r17d94d132b207dad221595fd8b8b18628f5f5ec7e3f5be939ecd8928@%3Ccommits.druid.apache.org%3E

lists.apache.org/thread.html/r2c7f899911a04164ed1707083fcd4135f8427e04778c87d83509b0da%40%3Cgeneral.hadoop.apache.org%3E

lists.apache.org/thread.html/r46447f38ea8c89421614e9efd7de5e656186d35e10fc97cf88477a01@%3Ccommits.druid.apache.org%3E

lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E

lists.apache.org/thread.html/r74825601e93582167eb7cdc2f764c74c9c6d8006fa90018562fda60f@%3Ccommits.druid.apache.org%3E

lists.apache.org/thread.html/r79b15c5b66c6df175d01d7560adf0cd5c369129b9a161905e0339927@%3Ccommits.druid.apache.org%3E

lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E

lists.apache.org/thread.html/rb241464d83baa3749b08cd3dabc8dba70a9a9027edcef3b5d4c24ef4@%3Ccommits.druid.apache.org%3E

lists.apache.org/thread.html/rbe25cac0f499374f8ae17a4a44a8404927b56de28d4c41940d82b7a4@%3Ccommits.druid.apache.org%3E

lists.apache.org/thread.html/reea5eb8622afbfbfca46bc758f79db83d90a3263a906c4d1acba4971@%3Ccommits.druid.apache.org%3E

lists.apache.org/thread.html/rf9dfa8b77585c9227db9637552eebb2ab029255a0db4eb76c2b6c4cf@%3Cdev.druid.apache.org%3E

nvd.nist.gov/vuln/detail/CVE-2018-11765

security.netapp.com/advisory/ntap-20201016-0005

0.003 Low

EPSS

Percentile

67.9%

JSON

Related for OSV:GHSA-RHH9-CM65-3W54