In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2024-08-05T08:17:09.112Z
Reserved: 2018-06-05T00:00:00
Link: CVE-2018-11765

No data.

Status : Modified
Published: 2020-09-30T18:15:15.477
Modified: 2024-11-21T03:43:59.153
Link: CVE-2018-11765


No data.