Lucene search
Veracode Vulnerability DatabaseVERACODE:4309HistoryMay 27, 2017 - 3:13 a.m.
Escalation Of Privileges
2017-05-2703:13:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.001 Low
EPSS
Percentile
34.4%
Apache Knox is vulnerable to privilege escalation. This is possible due to a flaw in the handling of authentication in WebHDFS through knox. It allows authenticated users to impersonate another user and potentially access unauthorized data or escalate privileges. The attack attempts are logged and can be traced back to the authenticated user.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gateway-provider-identity-assertion-common | le | 0.11.0 |
References
mail-archives.apache.org/mod_mbox/knox-user/201705.mbox/%3CCACRbFyjtT7QQGHUzTRdbJoySbJb7tt4BDk5-r-VRn0GB0Kgvag%40mail.gmail.com%3E
www.securityfocus.com/bid/98739
issues.apache.org/jira/browse/KNOX-906
lists.apache.org/thread.html/rcd6bcbcc08840d4e4bea661efe9a5ef8f6126ebbbc5bc266701d8f48@%3Cdev.logging.apache.org%3E
Related
nvd
nvd
CVE-2017-5646
2017-05-26 21:29:00
cvelist
cvelist
CVE-2017-5646
2017-05-26 21:00:00
prion
prion
Code injection
2017-05-26 21:29:00
cve
cve
CVE-2017-5646
2017-05-26 21:29:00
osv
osv
CVE-2017-5646
2017-05-26 21:29:00