Impala@2.8.0 Security Vulnerabilities and Issues — Impala@2.8.0 CVE List

Lucene search

ApacheImpala2.8.0

3 matches found

CVE•added 2017/07/10 8:29 p.m.•51 views

CVE-2017-5640

It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with 'COMPLETE' before the SASL handshake has comp...

9.8CVSS9.4AI score0.01296EPSS

CVE•added 2017/10/04 1:29 a.m.•42 views

CVE-2017-9792

In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works...

6.5CVSS6.5AI score0.00207EPSS

CVE•added 2017/07/10 8:29 p.m.•37 views

CVE-2017-5652

During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift...

7.5CVSS7.4AI score0.00333EPSS