CVE-2012-1574 — Improper Authentication in Apache Hadoop

CWE-310 CWE-287 — Improper Authentication4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 35.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Hadoop Cloudera CDH Cloudera Hadoop

Timeline

PublishedApr 12

Latest updateMay 17

Description

The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages3 packages

▶NVDcloudera/hadoop0.20-sbin, 0.20.1\+169, 0.20.2\+923+2

▶NVDapache/hadoop7 versions+6

▶NVDcloudera/cloudera_cdhcdh3

🔴Vulnerability Details

OSV

Apache Hadoop allows impersonation of arbitrary cluster user accounts↗2022-05-17

▶

GHSA

Apache Hadoop allows impersonation of arbitrary cluster user accounts↗2022-05-17

▶

CVEList

CVE-2012-1574: The Kerberos/MapReduce security functionality in Apache Hadoop 0↗2012-04-12

▶