CVE-2018-11764

Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:hadoop:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:3.0.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:3.0.0:beta1:*:*:*:*:*:*

History

03 Jun 2022, 18:57

Type Values Removed Values Added
References (CONFIRM) https://security.netapp.com/advisory/ntap-20201103-0003/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20201103-0003/ - Third Party Advisory

Information

Published : 2020-10-21 19:15

Updated : 2024-02-04 21:23


NVD link : CVE-2018-11764

Mitre link : CVE-2018-11764

CVE.ORG link : CVE-2018-11764


JSON object : View

Products Affected

apache

  • hadoop
CWE
CWE-306

Missing Authentication for Critical Function