CVE-2018-11765

CVSS v3.1 7.5 (High)

CVSS v2.0 4.3 (Medium)

EPSS 0.27 % (68^th)

Affected Products 1

Advisories 1

In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.

Weaknesses

CWE-287: Improper Authentication

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2020-09-30 18:15:15
(4 years ago)
Updated Date: 2023-11-07 02:51:45
(10 months ago)

Affected Products

Apache

Hadoop

Configuration #1

	CPE23	From	Up To
Apache Hadoop from 2.8.0 version and 2.8.5 and prior versions	cpe:2.3:a:apache:hadoop	>= 2.8.0	<= 2.8.5
Apache Hadoop from 2.9.0 version and 2.9.2 and prior versions	cpe:2.3:a:apache:hadoop	>= 2.9.0	<= 2.9.2
Apache Hadoop 3.0.0	cpe:2.3:a:apache:hadoop:3.0.0:-
Apache Hadoop 3.0.0 Alpha2	cpe:2.3:a:apache:hadoop:3.0.0:alpha2