Apache Impala 2.8.0 Authentication Bypass Vulnerability

Apache Impala versions 2.7.0 through 2.8.0 suffers from an information disclosure vulnerability. It was noticed that a malicious process impersonating an Impala daemon could cause Impala daemons to skip authentication checks when Kerberos is enabled but TLS is not. If the malicious server respond...