Lucene search

Redhat.comRH:CVE-2018-11764

HistoryOct 21, 2020 - 3:25 p.m.

CVE-2018-11764

2020-10-2115:25:07

redhat.com

access.redhat.com

cve-2018-11764

apache hadoop

web endpoint

authentication check

broken

authenticated users

impersonate

proxy user

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

33.5%

JSON

A flaw was found in Apache Hadoop, where the Web endpoint authentication check is broken. This flaw allows authenticated users to impersonate any user even if no proxy user is configured.

References

bugzilla.redhat.com/show_bug.cgi?id=1890161

nvd.nist.gov/vuln/detail/CVE-2018-11764

www.cve.org/CVERecord?id=CVE-2018-11764

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

33.5%

JSON

Related for RH:CVE-2018-11764