CVE-2018-11765

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-11765
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11765.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-11765
Aliases
Published
2020-09-30T18:15:15Z
Modified
2024-09-02T23:31:18Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.

References

Affected packages

Git / github.com/apache/hadoop

Affected ranges

Type
GIT
Repo
https://github.com/apache/hadoop
Events
Introduced
91f2b7a13d1e97be65db92ddabc627cc29ac0009
Last affected
0b8464d75227fcee2c6e7f2410377b3d53d3d5f8
Last affected
1337ef4eef14fbbb214e71b68b7eb07061a4a212
Introduced
756ebc8394e473ac25feac05fa493f6d612e6c50
Last affected
826afbeae31ca687bc2f8471dc841b66ed2c6704
Last affected
c25427ceca461ee979d30edd7a4b0f50718e6533