4 matches found
org.apache.beam:beam-runners-twister2 (>=2.23.0 <=2.74.0), org.apache.ignite:ignite-mesos (>=2.7.0 <=2.12.0) +5 more potentially affected by CVE-2018-8023 via org.apache.mesos:mesos (=1.5.0)
org.apache.mesos:mesos MAVEN version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.mesos:mesos and may be impacted: - org.apache.beam:beam-runners-twister2 =2.23.0, =2.7.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.8.0 Source cves:...
CVE-2018-8023
Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token JWT. In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timi...
CVE-2018-8023
Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token JWT. In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timi...
CVE-2018-8023
The provided records confirm CVE-2018-8023 affects Apache Mesos: pre-1.4.2, 1.5.0, 1.5.1, and 1.6.0 have a timing-attack flaw in JWT HMAC verification due to using a non-constant-time string comparison. This may enable an attacker to deduce the correct HMAC value during JWT validation. Several co...