GHSA-c6f9-4pmv-m7m6

Source

https://github.com/advisories/GHSA-c6f9-4pmv-m7m6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c6f9-4pmv-m7m6/GHSA-c6f9-4pmv-m7m6.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-c6f9-4pmv-m7m6

Aliases

CVE-2012-1574

Published

2022-05-17T02:54:07Z

Modified

2024-12-06T05:37:36.225387Z

Summary

Apache Hadoop allows impersonation of arbitrary cluster user accounts

Details

The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.

Database specific

{
    "nvd_published_at": "2012-04-12T10:45:00Z",
    "cwe_ids": [
        "CWE-287"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-29T21:08:04Z"
}

References

Affected packages

Maven / org.apache.hadoop:hadoop-main

Package

Name: org.apache.hadoop:hadoop-main; View open source insights on deps.dev
Purl: pkg:maven/org.apache.hadoop/hadoop-main

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.23

Fixed

0.23.2

Affected versions

0.*

0.23.1

Maven / org.apache.hadoop:hadoop-main

Package

Name: org.apache.hadoop:hadoop-main; View open source insights on deps.dev
Purl: pkg:maven/org.apache.hadoop/hadoop-main

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0

Fixed

1.0.2