1. Home
  2. Security Advisories
  3. Maven
  4. MAVEN:GHSA-P8XR-4V2C-RVGP

[MAVEN:GHSA-P8XR-4V2C-RVGP] High severity vulnerability that affects org.apache.hbase:hbase

Severity High
Affected Packages 3
Fixed Packages 3
CVEs 1
Info Packages References Vulnerabilities

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.

Package Affected Version
pkg:maven/org.apache.hbase/hbase >= 1.0.0, <= 1.0.1.0
pkg:maven/org.apache.hbase/hbase >= 0.98, <= 0.98.12.0
pkg:maven/org.apache.hbase/hbase = 1.1.0
Package Fixed Version
pkg:maven/org.apache.hbase/hbase = 1.0.1.1
pkg:maven/org.apache.hbase/hbase = 0.98.12.1
pkg:maven/org.apache.hbase/hbase = 1.1.0.1
ID
MAVEN:GHSA-P8XR-4V2C-RVGP
Severity
high
URL
https://github.com/advisories/GHSA-p8xr-4v2c-rvgp
Published
2018-10-18T18:04:50
(6 years ago)
Modified
2023-01-09T05:03:19
(20 months ago)
Rights
Maven Security Team
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.apache.hbase/hbase org.apache.hbase hbase >= 1.0.0 <= 1.0.1.0
Fixed pkg:maven/org.apache.hbase/hbase org.apache.hbase hbase = 1.0.1.1
Affected pkg:maven/org.apache.hbase/hbase org.apache.hbase hbase >= 0.98 <= 0.98.12.0
Fixed pkg:maven/org.apache.hbase/hbase org.apache.hbase hbase = 0.98.12.1
Affected pkg:maven/org.apache.hbase/hbase org.apache.hbase hbase = 1.1.0
Fixed pkg:maven/org.apache.hbase/hbase org.apache.hbase hbase = 1.1.0.1
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date