Vulnerability Database
296,746
Total vulnerabilities in the database
CVE-2018-1296
In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent.
| Software | From | Fixed in |
|---|---|---|
| apache / hadoop | 3.0.0-alpha1 | 3.0.0-alpha1.x |
| apache / hadoop | 3.0.0-alpha2 | 3.0.0-alpha2.x |
| apache / hadoop | 2.8.0 | 2.8.0.x |
| apache / hadoop | 3.0.0-alpha3 | 3.0.0-alpha3.x |
| apache / hadoop | 3.0.0-alpha4 | 3.0.0-alpha4.x |
| apache / hadoop | 3.0.0-beta1 | 3.0.0-beta1.x |
| apache / hadoop | 2.5.0 | 2.7.5.x |
| apache / hadoop | 2.8.1 | 2.8.1.x |
| apache / hadoop | 2.8.2 | 2.8.2.x |
| apache / hadoop | 2.8.3 | 2.8.3.x |
| apache / hadoop | 2.9.0 | 2.9.0.x |
| apache / hadoop | 3.0.0 | 3.0.0.x |
org.apache.hadoop / hadoop-main
|
- | 2.7.6 |
|
org.apache.hadoop / hadoop-main
|
2.8.0 | 2.8.4 |
|
org.apache.hadoop / hadoop-main
|
2.9.0 | 2.9.0.x |
|
org.apache.hadoop / hadoop-main
|
2.9.0 | 2.9.1 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime