VYPR
High severity8.1NVD Advisory· Published Jun 27, 2018· Updated Jun 17, 2026

CVE-2018-8025

CVE-2018-8025

Description

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.hbase:hbase-thriftMaven
>= 2.0.0, < 2.0.12.0.1
org.apache.hbase:hbase-thriftMaven
>= 1.4.0, < 1.4.51.4.5
org.apache.hbase:hbase-thriftMaven
>= 1.3.0, < 1.3.2.11.3.2.1
org.apache.hbase:hbase-thriftMaven
< 1.2.6.11.2.6.1

Affected products

2

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.