CVE-2012-1574

The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.

Published Bysecalert@redhat.com

Published DateApr 12, 2012, 10:45

Affected Versions(2)

org.apache.hadoop:hadoop-main(Maven)

Introduced0.23

Fixed0.23.2

LimitN/A

org.apache.hadoop:hadoop-main(Maven)

Introduced1.0

Fixed1.0.2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.hadoop:hadoop-main(Maven)	0.23	0.23.2	N/A
org.apache.hadoop:hadoop-main(Maven)	1.0	1.0.2	N/A

Weakness Type (CWE):CWE-310

CVSS Metrics

Base Score

6.5

Vector String

AV:N/AC:L/Au:S/C:P/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

PARTIAL

References

Weakness Type (CWE):CWE-310

CVSS Metrics

Base Score

6.5

Vector String

AV:N/AC:L/Au:S/C:P/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

PARTIAL