CVE-2018-8025

CWE-362: Race Condition | 6 documents | 6 sources
Severity: 8.1 HIGH
EPSS: 0.6% (top 29.60%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 27
Latest update: Oct 18

Description

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. A race condition could cause authenticated sessions to be applied to the wrong user: for example, one authenticated user could be treated as a different user, or an unauthenticated user could be treated as an authenticated user. The fix is implemented in https://issues.apache.org/jira/browse/HBASE-20664. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5,

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (3 packages)

Maven: org.apache.hbase:hbase-thrift | 2.0.0 | 2.0.1 | +3
NVD: apache/hbase | 2.0.0 | +1
CVEListV5: apache_software_foundation/apache_hbase | Apache Tomcat 1.x and 2.x, excluding 1.0.0

🔴 Vulnerability Details (3)

GHSA: Race condition in org.apache.hbase:hbase-thrift (2018-10-18)
OSV: Race condition in org.apache.hbase:hbase-thrift (2018-10-18)
CVEList: CVE-2018-8025: CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP (2018-06-27)

📋 Vendor Advisories (1)

Red Hat: hbase: race-condition in "Thrift 1" API server (2018-05-31)

💬 Community (1)

Bugzilla: CVE-2018-8025 hbase: race-condition in "Thrift 1" API server (2018-07-02)