Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-05T08:17:09.093Z

Reserved: 2018-06-05T00:00:00

Link: CVE-2018-11764

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-10-21T19:15:13.543

Modified: 2024-11-21T03:43:59.023

Link: CVE-2018-11764

cve-icon Redhat

Severity : Important

Publid Date: 2020-10-21T00:00:00Z

Links: CVE-2018-11764 - Bugzilla

cve-icon OpenCVE Enrichment

No data.