CVE-2018-11764: Apache Hadoop Privilege escalation in web endpoint Severity: Critical
Vendor: The Apache Software Foundation Versions affected: 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0 Description: Web endpoint authentication check is broken. Authenticated users may impersonate any user even if no proxy user is configured. Mitigation: Users should upgrade to Apache Hadoop 3.0.1 or upper. Credit: This issue was discovered by Daryn Sharp. --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@hadoop.apache.org For additional commands, e-mail: user-h...@hadoop.apache.org
