Apache Druid vulnerabilities

CVE-2020-1958 [MEDIUM] CWE-74 CVE-2020-1958: When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set o When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based authorization checks, if configured. Callers of Druid APIs c