[jira] [Updated] (DRILL-6192) Drill is vulnerable to CVE-2017-12197
[ https://issues.apache.org/jira/browse/DRILL-6192?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arina Ielchiieva updated DRILL-6192: Affects Version/s: 1.12.0 > Drill is vulnerable to CVE-2017-12197 > - > > Key: DRILL-6192 > URL: https://issues.apache.org/jira/browse/DRILL-6192 > Project: Apache Drill > Issue Type: Bug >Affects Versions: 1.12.0 >Reporter: Volodymyr Tkach >Assignee: Volodymyr Tkach >Priority: Major > Labels: ready-to-commit > Fix For: 1.13.0 > > > The current version of libpam4j bundled with MCS does not perform any > authorization check. Any user with valid password could access the cluster > even if the user account is disabled/password expired/'not allowed to access > the service(pam_access ..)' etc.. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (DRILL-6192) Drill is vulnerable to CVE-2017-12197
[ https://issues.apache.org/jira/browse/DRILL-6192?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arina Ielchiieva updated DRILL-6192: Labels: ready-to-commit (was: ) > Drill is vulnerable to CVE-2017-12197 > - > > Key: DRILL-6192 > URL: https://issues.apache.org/jira/browse/DRILL-6192 > Project: Apache Drill > Issue Type: Bug >Affects Versions: 1.12.0 >Reporter: Volodymyr Tkach >Assignee: Volodymyr Tkach >Priority: Major > Labels: ready-to-commit > Fix For: 1.13.0 > > > The current version of libpam4j bundled with MCS does not perform any > authorization check. Any user with valid password could access the cluster > even if the user account is disabled/password expired/'not allowed to access > the service(pam_access ..)' etc.. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (DRILL-6192) Drill is vulnerable to CVE-2017-12197
[ https://issues.apache.org/jira/browse/DRILL-6192?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pritesh Maker updated DRILL-6192: - Fix Version/s: 1.13.0 > Drill is vulnerable to CVE-2017-12197 > - > > Key: DRILL-6192 > URL: https://issues.apache.org/jira/browse/DRILL-6192 > Project: Apache Drill > Issue Type: Bug >Reporter: Volodymyr Tkach >Assignee: Volodymyr Tkach >Priority: Major > Fix For: 1.13.0 > > > The current version of libpam4j bundled with MCS does not perform any > authorization check. Any user with valid password could access the cluster > even if the user account is disabled/password expired/'not allowed to access > the service(pam_access ..)' etc.. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (DRILL-6192) Drill is vulnerable to CVE-2017-12197
[ https://issues.apache.org/jira/browse/DRILL-6192?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pritesh Maker updated DRILL-6192: - Reviewer: Arina Ielchiieva > Drill is vulnerable to CVE-2017-12197 > - > > Key: DRILL-6192 > URL: https://issues.apache.org/jira/browse/DRILL-6192 > Project: Apache Drill > Issue Type: Bug >Reporter: Volodymyr Tkach >Assignee: Volodymyr Tkach >Priority: Major > > The current version of libpam4j bundled with MCS does not perform any > authorization check. Any user with valid password could access the cluster > even if the user account is disabled/password expired/'not allowed to access > the service(pam_access ..)' etc.. -- This message was sent by Atlassian JIRA (v7.6.3#76005)