174 matches found
The vulnerability of the distributed database management system Apache Impala, related to the storage of passwords in an unencrypted form, allows attackers to expose the protected information.
The vulnerability of the distributed database management system Apache Impala lies in the storage of passwords in an unencrypted form. Exploiting this vulnerability could allow a malicious actor to disclose the protected information remotely...
CVE-2021-28131
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the...
CVE-2021-28131
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the...
CVE-2021-28131
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the...
Authorization
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the...
CVE-2021-28131
CVE-2021-28131 (Impala): The vulnerability arises because a 16-byte session secret is logged, enabling an authenticated user to hijack another user’s session and execute statements with privileges not held. Affected deployments with Apache Sentry, Apache Ranger, or audit logging may face privileg...
CVE-2021-28131 Impala logs contain secrets
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the...
CVE-2021-28131
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the...
Apache Impala 日志信息泄露漏洞
Apache Impala is a large-scale, distributed parallel processing database query system of the United States Apache Apache Foundation. The system is capable of querying petabytes of big data stored in HDFS Distributed File System and HBase database in Hadoop big data analytics software. A log...
The vulnerability of the distributed database management system Apache Impala, related to errors in information encryption, allows attackers to increase their privileges.
The vulnerability of the distributed database management system Apache Impala is related to errors in information encryption. Exploiting this vulnerability can allow an attacker to enhance their privileges remotely...
Malicious Package in impala
Version 1.1.7 of impala contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.1.7 of this module is found installed you will want...
GHSA-92PX-Q4W8-HRR5 Malicious Package in impala
Version 1.1.7 of impala contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.1.7 of this module is found installed you will want...
Malicious Package in @impala/bmap
Version 1.0.3 of @impala/bmap contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.3 of this module is found installed you wil...
GHSA-C82C-8PJW-6829 Malicious Package in @impala/bmap
Version 1.0.3 of @impala/bmap contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.3 of this module is found installed you wil...
Unspecified vulnerability in Cloudera CDH (CNVD-2020-14226)
Cloudera CDH is an open source Hadoop platform from Cloudera. The platform provides scalable storage and distributed computing, as well as a Web-based user interface and other enterprise features. A security vulnerability exists in Cloudera CDH versions prior to 5.7.1 that stems from the inabilit...
CVE-2019-14449
An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting XSS when viewed within this product...
CVE-2019-14449
An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting XSS when viewed within this product...
Cross site scripting
An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting XSS when viewed within this product...
CVE-2019-14449
CVE-2019-14449 affects Cloudera Manager: versions 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1 are vulnerable. The issue is a Cross-Site Scripting (XSS) flaw resulting from insufficient validation of client-side data in the WEB application, exploitable via malicious impala querie...
CVE-2016-4572
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges...