CVE-2018-11767
First published: Mon Mar 18 2019(Updated: )
In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Hadoop | >=2.7.5<=2.7.6 | |
| Apache Hadoop | >=2.8.3<=2.8.4 | |
| Apache Hadoop | >=2.9.0<=2.9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.apache.org/thread.html/246cf223e7dc0c1dff90b78dccb6c3fe94e1a044dbf98e2333393302@%3Ccommon-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/5a44590b4eedc5e25f5bd3081d1631b52c174b5b99157f7950ddc270@%3Ccommon-dev.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/5fb771f66946dd5c99a8a5713347c24873846f555d716f9ac17bccca@%3Cgeneral.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
- https://security.netapp.com/advisory/ntap-20190416-0009/
- https://lists.apache.org/thread.html/5fb771f66946dd5c99a8a5713347c24873846f555d716f9ac17bccca%40%3Cgeneral.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/246cf223e7dc0c1dff90b78dccb6c3fe94e1a044dbf98e2333393302%40%3Ccommon-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/5a44590b4eedc5e25f5bd3081d1631b52c174b5b99157f7950ddc270%40%3Ccommon-dev.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
Frequently Asked Questions
What is CVE-2018-11767?
CVE-2018-11767 is a vulnerability in Apache Hadoop versions 2.7.5 to 2.7.6, 2.8.3 to 2.8.4, and 2.9.0 to 2.9.1 that can result in KMS incorrectly blocking users or granting access to users.
How does CVE-2018-11767 affect Apache Hadoop?
CVE-2018-11767 affects Apache Hadoop by incorrectly blocking or granting access to users if the system uses non-default group mapping mechanisms.
What is the severity of CVE-2018-11767?
CVE-2018-11767 has a severity rating of high with a CVSS score of 7.4.
Which versions of Apache Hadoop are affected by CVE-2018-11767?
CVE-2018-11767 affects Apache Hadoop versions 2.7.5 to 2.7.6, 2.8.3 to 2.8.4, and 2.9.0 to 2.9.1.
How can I fix CVE-2018-11767 in Apache Hadoop?
To fix CVE-2018-11767 in Apache Hadoop, it is recommended to upgrade to a patched version of the software.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/tags
- agent/event
- agent/weakness
- agent/description
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache hadoop
- version/apache hadoop/2.7.5
- version/apache hadoop/2.7.6
- version/apache hadoop/2.8.3
- version/apache hadoop/2.8.4
- version/apache hadoop/2.9.0
- version/apache hadoop/2.9.1