57 matches found
Improper Authorization in org.apache.hbase:hbase
In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...
Apache Hbase Authorization Bypass Vulnerability
Apache Hbase is the United States Apache Apache Software Foundation, a set of column-oriented distributed database built on Apache Hadoop and Apache ZooKeeper. The database is suitable for unstructured data storage. A security vulnerability exists in Apache Hbase versions 2.0.0 through 2.0.4 and...
Privilege Escalation
apache hbase REST server is vulnerable to privilege escalation. Requests sent to the HBase REST server are executed with the permissions of the REST server instead of the end-user. This vulnerability exists when HBase is configured with Kerberos authentication with HBase authorization enabled and...
Authentication flaw
In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...
CVE-2019-0212
In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...
CVE-2019-0212
In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...
CVE-2019-0212
CVE-2019-0212 affects Apache HBase 2.x (versions 2.0.0–2.0.4 and 2.1.0–2.1.3). The vulnerability is in the HBase REST server where authorization was incorrectly applied to REST users; requests were executed with the REST server’s permissions rather than those of the end user. The issue is relevan...
CVE-2019-0212
In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...
com.github.CCweixiao:hbase-sdk-thrift-core_1.x (>=2.0.7 <=2.0.8), org.apache.hbase:hbase-assembly (>=1.4.0 <=1.4.13) +1 more potentially affected by CVE-2018-8025 via org.apache.hbase:hbase-thrift (>=1.4.0 <=1.4.4)
org.apache.hbase:hbase-thrift MAVEN version =1.4.0, =2.0.7, =1.4.0, =1.4.0, =1.4.13 Source cves: CVE-2018-8025 Source advisory: OSV:GHSA-R86J-2GC6-2CQ9...
GHSA-R86J-2GC6-2CQ9 Race condition in org.apache.hbase:hbase-thrift
An issue in Apache HBase affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be...
com.github.CCweixiao:hbase-sdk-thrift (=3.0.0), com.hydraql:hydraql-thrift (>=1.0.1 <=1.0.4) +2 more potentially affected by CVE-2018-8025 via org.apache.hbase:hbase-thrift (>=0.96.0-hadoop1 <=1.2.0)
org.apache.hbase:hbase-thrift MAVEN version =0.96.0-hadoop1, =1.0.1, =0.96.0-hadoop1, =0.98.24-hadoop1 Source cves: CVE-2018-8025 Source advisory: OSV:GHSA-R86J-2GC6-2CQ9...
org.apache.hbase:hbase-assembly (=2.0.0), org.apache.hbase:hbase-examples (=2.0.0) potentially affected by CVE-2018-8025 via org.apache.hbase:hbase-thrift (=2.0.0)
org.apache.hbase:hbase-thrift MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hbase:hbase-thrift and may be impacted: - org.apache.hbase:hbase-assembly =2.0.0 - org.apache.hbase:hbase-examples =2.0.0 Source cves:...
Race condition in org.apache.hbase:hbase-thrift
An issue in Apache HBase affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be...
GHSA-P8XR-4V2C-RVGP High severity vulnerability that affects org.apache.hbase:hbase
Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service daemon outage, obtai...
High severity vulnerability that affects org.apache.hbase:hbase
Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service daemon outage, obtai...
CVE-2018-8025
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an...
Apache HBase Security Restriction Bypass Vulnerability
Apache HBase is the United States Apache Apache Software Foundation, a set of column-oriented distributed database built on Apache Hadoop and Apache ZooKeeper. The database is suitable for unstructured data storage. A security vulnerability exists in Apache Hbase version 1.x and version 2.x. An...
CVE-2018-8025
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an...
Race condition
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an...
CVE-2018-8025
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an...