2 matches found
com.approvaltests:approvaltests-hadoop (>=2.0.0 <=7.0.0), io.brooklyn.example:brooklyn-example-hello-world-hadoop-webapp (>=0.4.0 <=0.7.0-M1) +6 more potentially affected by CVE-2012-4449 via org.apache.hadoop:hadoop-client (>=1.0.2 <=1.0.3)
org.apache.hadoop:hadoop-client (MAVEN)
Version: =1.0.2, =2.0.0, =0.4.0, =0.12, =0.13, =0.3.0-incubating, =0.4.0-incubating, =0.3.0-incubating, =0.6.0
Source CVEs: CVE-2012-4449
Source advisory: OSV:GHSA-Q46V-CJ5V-HVG6...
CVE-2012-4449
CVE-2012-4449 affects Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2: when Kerberos security features are enabled, token passwords are generated using a 20-bit secret. This weak secret can be brute-force cracked, enabling context-dependent attackers to compromise secret...