CVE-2018-11764

Summary

Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.

Affected Software

VendorProductVersion RangeStatus
n/aApache HadoopApache Hadoop 3.0.0-alpha4, 3.0.0-beta1, 3.0.0affected

Weaknesses

  • Privilege Escalation

ADP Enrichment

CVE Program Container

Additional References

References