CVE-2017-5640 Apache Impala (incubating) Information Disclosure

2017-07-10 Thread Sailesh Mukil
CVE-2017-5640 Apache Impala (incubating) Information Disclosure Severity: High Versions Affected: Apache Impala (incubating) 2.7.0 to 2.8.0 Description: It was noticed that a malicious process impersonating an Impala daemon could cause Impala daemons to skip authentication checks when Kerberos

[SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure

2017-07-10 Thread Sailesh Mukil
CVE-2017-5652 Apache Impala (incubating) Information Disclosure Severity: High Versions Affected: Apache Impala (incubating) 2.7.0 to 2.8.0 Description: During a routine security analysis, it was found that one of the ports sent data in plaintext even when the cluster was configured to use