19 matches found
EUVD-2017-14734
Malware in sbrugna...
CVE-2021-42357
When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be...
Apache Knox allows impersonation of users
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be...
GHSA-G3FC-8JV4-QMMV Apache Knox allows impersonation of users
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be...
Cross-site Scripting in Apache Knox SSO
When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be...
Apache Knox SSO Cross-Site Scripting Vulnerability
Knox SSO is the Apache Foundation's web UI single sign-on (SSO) feature for your cluster. A security vulnerability exists in Apache Knox SSO that stems from a URL parsing error, which allows requests to be crafted to redirect users to a malicious page. A request containing a specially crafted request paramete...
CVE-2021-42357
When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be...
CVE-2021-42357
When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be...
Design/Logic Flaw
When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be...
CVE-2021-42357
CVE-2021-42357 affects Apache Knox SSO prior to 1.6.1. The issue arises from improper URL parsing, allowing a crafted request parameter to redirect users to an attacker-controlled page. Practical impact described across sources is a user-facing redirect that would need exposure outside the normal...
CVE-2021-42357 DOM based XSS Vulnerability in Apache Knox
When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be...
Apache Knox SSO Cross-Site Scripting Vulnerability
Knox SSO is the Apache Foundation's web UI single sign-on (SSO) feature for your cluster. A security vulnerability exists in Apache Knox SSO that stems from a URL parsing error, which allows requests to be crafted to redirect users to a malicious page. A request containing a specially crafted request paramete...
Apache Knox User Emulation Vulnerability
Apache Knox is an application gateway for Apache Hadoop deployments to interact with the REST API and UI from the Apache Software Foundation. A user emulation vulnerability exists in Apache Knox versions 0.2.0 through 0.11.0. An attacker can exploit the vulnerability by impersonating another user...
Escalation Of Privileges
Apache Knox is vulnerable to privilege escalation. This is possible due to a flaw in the handling of authentication in WebHDFS through Knox. It allows authenticated users to impersonate another user and potentially access unauthorized data or escalate privileges. The attack attempts are logged an...
CVE-2017-5646
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be...
Code injection
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be...
CVE-2017-5646
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be...
CVE-2017-5646
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be...
CVE-2017-5646
Summary: Apache Knox versions 0.2.0–0.11.0 are vulnerable to an impersonation weakness when accessing WebHDFS, allowing an authenticated user to impersonate another user via a specially crafted URL, potentially enabling escalated privileges and unauthorized data access. The activity is audit logg...