VYPR
High severityNVD Advisory· Published Feb 7, 2019· Updated Sep 16, 2024

CVE-2018-1296

CVE-2018-1296

Description

In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.hadoop:hadoop-mainMaven
< 2.7.62.7.6
org.apache.hadoop:hadoop-mainMaven
>= 2.8.0, < 2.8.42.8.4
org.apache.hadoop:hadoop-mainMaven
>= 2.9.0, < 2.9.12.9.1

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.