
Apache Hadoop KMS ACL Regression Vulnerability CVE-2018-11767

Severity

CVSSv3 Score: 7.4

Vulnerability description

Apache Hadoop is prone to a KMS ACL regression vulnerability.

Risk description

After the security fix for CVE-2017-15713, KMS has an access control regression, blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms such as LdapGroupsMapping, CompositeGroupsMapping, or NullGroupsMapping.

Recommendation

Upgrade to version 2.7.7, 2.8.5, 2.9.2 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Mar 21, 2019
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available