CVE-2018-11764: Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no…

high8.8CVSS 3.1

AVNACLPRLUINSUCHIHAH

Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.

Affected

2 ranges

Vendor	Product	Version range	Fixed in
apache	hadoop	—	—
apache	hadoop	—	—