High severityNVD Advisory· Published Oct 21, 2020· Updated Aug 5, 2024
CVE-2018-11764
CVE-2018-11764
Description
Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.hadoop:hadoop-mainMaven | >= 3.0.0-alpha4, < 3.0.1 | 3.0.1 |
org.apache.hadoop:hadoop-mainMaven | >= 3.0.0-beta1, < 3.0.1 | 3.0.1 |
org.apache.hadoop:hadoop-mainMaven | >= 3.0.0, < 3.0.1 | 3.0.1 |
Affected products
2- Apache/Hadoopdescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-4fh8-pm7g-pmxqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-11764ghsaADVISORY
- lists.apache.org/thread.html/r790ad0a049cde713b93589ecfd4dd2766fda0fc6807eedb6cf69f5c1%40%3Cgeneral.hadoop.apache.org%3Eghsax_refsource_MISCWEB
- security.netapp.com/advisory/ntap-20201103-0003ghsaWEB
- security.netapp.com/advisory/ntap-20201103-0003/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.