Lucene search
K

57 matches found

Github Security Blog
Github Security Blog
added 2019/04/02 3:47 p.m.23 views

Improper Authorization in org.apache.hbase:hbase

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...

7.5CVSS4AI score0.03853EPSS
Exploits0References7Affected Software1
CNVD
CNVD
added 2019/04/01 12:0 a.m.3 views

Apache Hbase Authorization Bypass Vulnerability

Apache Hbase is the United States Apache Apache Software Foundation, a set of column-oriented distributed database built on Apache Hadoop and Apache ZooKeeper. The database is suitable for unstructured data storage. A security vulnerability exists in Apache Hbase versions 2.0.0 through 2.0.4 and...

7.5CVSS7.1AI score0.03853EPSS
Exploits0References1
Veracode
Veracode
added 2019/03/29 5:44 a.m.14 views

Privilege Escalation

apache hbase REST server is vulnerable to privilege escalation. Requests sent to the HBase REST server are executed with the permissions of the REST server instead of the end-user. This vulnerability exists when HBase is configured with Kerberos authentication with HBase authorization enabled and...

7.5CVSS7.5AI score0.03853EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2019/03/28 10:29 p.m.18 views

Authentication flaw

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...

6CVSS7.4AI score0.03853EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2019/03/28 10:29 p.m.27 views

CVE-2019-0212

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...

7.5CVSS7.4AI score0.03853EPSS
Exploits0References5
OSV
OSV
added 2019/03/28 10:29 p.m.18 views

CVE-2019-0212

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...

7.5CVSS7AI score
Exploits0References5
CVE
CVE
added 2019/03/28 9:24 p.m.93 views

CVE-2019-0212

CVE-2019-0212 affects Apache HBase 2.x (versions 2.0.0–2.0.4 and 2.1.0–2.1.3). The vulnerability is in the HBase REST server where authorization was incorrectly applied to REST users; requests were executed with the REST server’s permissions rather than those of the end user. The issue is relevan...

7.5CVSS7.3AI score0.03853EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2019/03/28 9:24 p.m.31 views

CVE-2019-0212

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...

7.4AI score0.03853EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2018/10/18 6:5 p.m.7 views

com.github.CCweixiao:hbase-sdk-thrift-core_1.x (>=2.0.7 <=2.0.8), org.apache.hbase:hbase-assembly (>=1.4.0 <=1.4.13) +1 more potentially affected by CVE-2018-8025 via org.apache.hbase:hbase-thrift (>=1.4.0 <=1.4.4)

org.apache.hbase:hbase-thrift MAVEN version =1.4.0, =2.0.7, =1.4.0, =1.4.0, =1.4.13 Source cves: CVE-2018-8025 Source advisory: OSV:GHSA-R86J-2GC6-2CQ9...

8.1CVSS7.2AI score0.01759EPSS
Exploits0
OSV
OSV
added 2018/10/18 6:5 p.m.11 views

GHSA-R86J-2GC6-2CQ9 Race condition in org.apache.hbase:hbase-thrift

An issue in Apache HBase affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be...

8.1CVSS5.7AI score0.01759EPSS
Exploits0References10
vulnersOsv
vulnersOsv
added 2018/10/18 6:5 p.m.4 views

com.github.CCweixiao:hbase-sdk-thrift (=3.0.0), com.hydraql:hydraql-thrift (>=1.0.1 <=1.0.4) +2 more potentially affected by CVE-2018-8025 via org.apache.hbase:hbase-thrift (>=0.96.0-hadoop1 <=1.2.0)

org.apache.hbase:hbase-thrift MAVEN version =0.96.0-hadoop1, =1.0.1, =0.96.0-hadoop1, =0.98.24-hadoop1 Source cves: CVE-2018-8025 Source advisory: OSV:GHSA-R86J-2GC6-2CQ9...

8.1CVSS7.4AI score0.01759EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2018/10/18 6:5 p.m.4 views

org.apache.hbase:hbase-assembly (=2.0.0), org.apache.hbase:hbase-examples (=2.0.0) potentially affected by CVE-2018-8025 via org.apache.hbase:hbase-thrift (=2.0.0)

org.apache.hbase:hbase-thrift MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hbase:hbase-thrift and may be impacted: - org.apache.hbase:hbase-assembly =2.0.0 - org.apache.hbase:hbase-examples =2.0.0 Source cves:...

8.1CVSS7.2AI score0.01759EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2018/10/18 6:5 p.m.20 views

Race condition in org.apache.hbase:hbase-thrift

An issue in Apache HBase affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be...

8.1CVSS8.1AI score0.01759EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2018/10/18 6:4 p.m.23 views

GHSA-P8XR-4V2C-RVGP High severity vulnerability that affects org.apache.hbase:hbase

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service daemon outage, obtai...

7.3CVSS7.2AI score0.07425EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2018/10/18 6:4 p.m.24 views

High severity vulnerability that affects org.apache.hbase:hbase

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service daemon outage, obtai...

7.5CVSS6.8AI score0.07425EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2018/07/02 10:33 p.m.27 views

CVE-2018-8025

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an...

8.1CVSS2.2AI score0.01759EPSS
Exploits0References2
CNVD
CNVD
added 2018/07/02 12:0 a.m.3 views

Apache HBase Security Restriction Bypass Vulnerability

Apache HBase is the United States Apache Apache Software Foundation, a set of column-oriented distributed database built on Apache Hadoop and Apache ZooKeeper. The database is suitable for unstructured data storage. A security vulnerability exists in Apache Hbase version 1.x and version 2.x. An...

8.1CVSS8AI score0.01759EPSS
Exploits0References1
NVD
NVD
added 2018/06/27 3:29 p.m.29 views

CVE-2018-8025

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an...

8.1CVSS8.1AI score0.01759EPSS
Exploits0References2
Prion
Prion
added 2018/06/27 3:29 p.m.13 views

Race condition

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an...

6.8CVSS8AI score0.01759EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/06/27 3:29 p.m.19 views

CVE-2018-8025

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an...

8.1CVSS6.7AI score
Exploits0References2
Rows per page
Query Builder