GHSA-p8xr-4v2c-rvgp

Suggest an improvement
Source
https://github.com/advisories/GHSA-p8xr-4v2c-rvgp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-p8xr-4v2c-rvgp/GHSA-p8xr-4v2c-rvgp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-p8xr-4v2c-rvgp
Aliases
  • CVE-2015-1836
Published
2018-10-18T18:04:50Z
Modified
2023-11-08T03:57:50.996364Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
High severity vulnerability that affects org.apache.hbase:hbase
Details

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.

References

Affected packages

Maven / org.apache.hbase:hbase

Package

Name
org.apache.hbase:hbase
View open source insights on deps.dev
Purl
pkg:maven/org.apache.hbase/hbase

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.98
Fixed
0.98.12.1

Affected versions

0.*

0.98.0-hadoop1
0.98.0-hadoop2
0.98.1-hadoop1
0.98.1-hadoop2
0.98.2-hadoop1
0.98.2-hadoop2
0.98.3-hadoop1
0.98.3-hadoop2
0.98.4-hadoop1
0.98.4-hadoop2
0.98.5-hadoop1
0.98.5-hadoop2
0.98.6-hadoop1
0.98.6-hadoop2
0.98.6.1-hadoop1
0.98.6.1-hadoop2
0.98.7-hadoop1
0.98.7-hadoop2
0.98.8-hadoop1
0.98.8-hadoop2
0.98.9-hadoop1
0.98.9-hadoop2
0.98.10-hadoop1
0.98.10-hadoop2
0.98.10.1-hadoop1
0.98.10.1-hadoop2
0.98.11-hadoop1
0.98.11-hadoop2
0.98.12-hadoop1
0.98.12-hadoop2

Database specific

{
    "last_known_affected_version_range": "<= 0.98.12.0"
}

Maven / org.apache.hbase:hbase

Package

Name
org.apache.hbase:hbase
View open source insights on deps.dev
Purl
pkg:maven/org.apache.hbase/hbase

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.0.1.1

Affected versions

1.*

1.0.0
1.0.1

Database specific

{
    "last_known_affected_version_range": "<= 1.0.1.0"
}

Maven / org.apache.hbase:hbase

Package

Name
org.apache.hbase:hbase
View open source insights on deps.dev
Purl
pkg:maven/org.apache.hbase/hbase

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.1.0
Fixed
1.1.0.1

Affected versions

1.*

1.1.0