CVE-2018-11765

Summary

In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.

Affected Software

VendorProductVersion RangeStatus
n/aApache HadoopApache Hadoop 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References