PT-2017-16641 · Apache · Apache Knox

Published: 2017-05-26 · Updated: 2022-05-13 · CVE-2017-5646

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Apache Knox versions 0.2.0 through 0.11.0

Description: An authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox, potentially resulting in escalated privileges and unauthorized data access. Although this activity is audit logged and can be associated with the authenticated user, it is still a serious security issue.

Recommendations: For versions 0.2.0 through 0.11.0, upgrade to the Apache Knox 0.12.0 release.

Fix

Origin Validation Error

Weakness Enumeration

Related identifiers

CVE-2017-5646
GHSA-G3FC-8JV4-QMMV

Affected products

Apache Knox