Vulnerability Database

296,746

Total vulnerabilities in the database

CVE-2018-11764

Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.

Published: Oct 21, 2020
Updated: May 9, 2024
CVE: CVE-2018-11764
GHSA: GHSA-4fh8-pm7g-pmxq
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-306

Affected Software
References

Software	From	Fixed in
apache / hadoop	3.0.0-alpha4	3.0.0-alpha4.x
apache / hadoop	3.0.0-beta1	3.0.0-beta1.x
apache / hadoop	3.0.0	3.0.0.x
org.apache.hadoop / hadoop-main	3.0.0-alpha4	3.0.0-alpha4.x
org.apache.hadoop / hadoop-main	3.0.0-alpha4	3.0.1
org.apache.hadoop / hadoop-main	3.0.0-beta1	3.0.0-beta1.x
org.apache.hadoop / hadoop-main	3.0.0-beta1	3.0.1
org.apache.hadoop / hadoop-main	3.0.0	3.0.0.x
org.apache.hadoop / hadoop-main	3.0.0	3.0.1

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime