In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2020-09-30 18:15
Updated : 2024-02-04 21:23
NVD link : CVE-2018-11765
Mitre link : CVE-2018-11765
CVE.ORG link : CVE-2018-11765
JSON object : View
Products Affected
apache
- hadoop
CWE
CWE-287
Improper Authentication