CVE-2018-11765

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-11765

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11765.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-11765

Aliases

GHSA-rhh9-cm65-3w54

Published

2020-09-30T18:15:15.477Z

Modified

2026-04-10T04:04:39.808320Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.

References

Affected packages

Git / github.com/apache/hadoop

Affected ranges

Type

GIT

Repo

https://github.com/apache/hadoop

Events

Introduced

91f2b7a13d1e97be65db92ddabc627cc29ac0009

Last affected

0b8464d75227fcee2c6e7f2410377b3d53d3d5f8

Introduced

756ebc8394e473ac25feac05fa493f6d612e6c50

Last affected

826afbeae31ca687bc2f8471dc841b66ed2c6704

Introduced

Last affected

c25427ceca461ee979d30edd7a4b0f50718e6533

Introduced

Last affected

1337ef4eef14fbbb214e71b68b7eb07061a4a212

Database specific

{
    "versions": [
        {
            "introduced": "2.8.0"
        },
        {
            "last_affected": "2.8.5"
        },
        {
            "introduced": "2.9.0"
        },
        {
            "last_affected": "2.9.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-alpha2"
        }
    ]
}

Affected versions

Other

rel/release-

rel/release-2.*

rel/release-2.8.5

rel/release-2.9.2

rel/release-3.*

rel/release-3.0.0

rel/release-3.0.0-alpha2

release-2.*

release-2.8.5-RC0

release-2.9.2-RC0

release-3.*

release-3.0.0-RC0

release-3.0.0-RC1

release-3.0.0-alpha2-RC0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11765.json"