GHSA-qmh2-h7r6-gm6q

Suggest an improvement
Source
https://github.com/advisories/GHSA-qmh2-h7r6-gm6q
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qmh2-h7r6-gm6q/GHSA-qmh2-h7r6-gm6q.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-qmh2-h7r6-gm6q
Aliases
  • CVE-2012-3376
Published
2022-05-17T02:54:07Z
Modified
2023-11-08T03:57:05.917360Z
Summary
Client BlockTokens not checked in Apache Hadoop
Details

DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.

Database specific 
{
    "github_reviewed": true,
    "cwe_ids": [],
    "nvd_published_at": "2012-07-12T19:55:00Z",
    "github_reviewed_at": "2022-07-13T21:25:16Z",
    "severity": "HIGH"
}
References

Affected packages

Maven / org.apache.hadoop:hadoop-client

Package

Name
org.apache.hadoop:hadoop-client
View open source insights on deps.dev
Purl
pkg:maven/org.apache.hadoop/hadoop-client

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0-alpha
Fixed
2.0.1-alpha

Affected versions

2.*

2.0.0-alpha