Posted to user@hadoop.apache.org by Akira Ajisaka <aa...@apache.org> on 2020/10/21 06:20:45 UTC

[CVE-2018-11764] Apache Hadoop Privilege escalation in web endpoint

CVE-2018-11764: Apache Hadoop Privilege escalation in web endpoint

Severity: Critical

Vendor: The Apache Software Foundation

Versions affected:
3.0.0-alpha4, 3.0.0-beta1, and 3.0.0

Description:
The web endpoint authentication check is broken. Authenticated users may
impersonate any user, even if no proxy user is configured.

Mitigation:
Users should upgrade to Apache Hadoop 3.0.1 or later.

Credit:
This issue was discovered by Daryn Sharp.
