CVE-2018-11765
published 2020-09-30CVE-2018-11765: In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache | hadoop | 2.8.0 – 2.8.5 | — |
| apache | hadoop | 2.9.0 – 2.9.2 | — |