Impala Security Vulnerabilities and Issues — Impala CVE List

Lucene search

ApacheImpala

3 matches found

CVE•added 2019/11/05 8:15 p.m.•46 views

CVE-2019-10084

In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query IDs are unique and ...

7.5CVSS7.6AI score0.00099EPSS

CVE•added 2021/07/22 10:15 a.m.•44 views

CVE-2021-28131

Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the a...

7.5CVSS7.8AI score0.00593EPSS

CVE•added 2017/07/10 8:29 p.m.•39 views

CVE-2017-5652

During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift...

7.5CVSS7.4AI score0.00333EPSS