PT-2019-8794 · Apache · Apache Hadoop

Published: 2019-03-18 · Updated: 2019-10-03 · CVE-2018-11767

CVSS v3.1: 7.4 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Apache Hadoop versions 2.7.5 through 2.7.6
Apache Hadoop versions 2.8.3 through 2.8.4
Apache Hadoop versions 2.9.0 through 2.9.1

Description

The issue concerns incorrect user access control in Apache Hadoop, specifically when non-default groups mapping mechanisms are used. This can lead to KMS blocking users or granting access to users incorrectly.

Recommendations

For Apache Hadoop versions 2.7.5 through 2.7.6, consider updating the groups mapping mechanisms to default settings to minimize the risk of incorrect access control.
For Apache Hadoop versions 2.8.3 through 2.8.4, review and adjust the non-default groups mapping mechanisms to ensure correct user access control.
For Apache Hadoop versions 2.9.0 through 2.9.1, reconfigure the KMS to use default groups mapping mechanisms until a proper fix is applied.
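
The following check is an added example, not part of the original advisory or of Apache Hadoop: it flags a deployment whose version falls in the affected ranges above and whose groups mapping is not the default. It assumes the mapping is set through the `hadoop.security.group.mapping` property in a Hadoop `*-site.xml` file and that the default class is `JniBasedUnixGroupsMappingWithFallback`; the function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Affected ranges as listed in this advisory (inclusive bounds).
AFFECTED = [((2, 7, 5), (2, 7, 6)), ((2, 8, 3), (2, 8, 4)), ((2, 9, 0), (2, 9, 1))]
# Assumption: property name and default class as in Hadoop's core-default.xml.
PROP = "hadoop.security.group.mapping"
DEFAULT = "org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback"

# Constructed sample configuration using a non-default (LDAP) mapping.
SAMPLE = """<configuration>
  <property>
    <name>hadoop.security.group.mapping</name>
    <value>org.apache.hadoop.security.LdapGroupsMapping</value>
  </property>
</configuration>"""

def parse_version(text):
    """Turn '2.8.4' or '2.8.4-SNAPSHOT' into (2, 8, 4), padding with zeros."""
    parts = [int(p) for p in text.strip().split("-")[0].split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def group_mapping(site_xml):
    """Return the configured mapping class, or DEFAULT when the property is unset.
    A later definition overrides an earlier one; xi:include is not followed."""
    value = DEFAULT
    for prop in ET.fromstring(site_xml).iter("property"):
        if (prop.findtext("name") or "").strip() == PROP:
            value = (prop.findtext("value") or "").strip()
    return value

def assess(version, site_xml):
    """Classify one deployment from its version string and site XML text."""
    if not is_affected(version):
        return "not-affected-version"
    mapping = group_mapping(site_xml)
    if mapping == DEFAULT:
        return "affected-version-default-mapping"
    return "review: " + mapping

if __name__ == "__main__":
    for ver in ("2.7.6", "2.8.4", "2.8.5", "2.9.1"):
        print(ver, "->", assess(ver, SAMPLE))
```

Run it against the site files the KMS process actually loads, since a mapping set in one file can be overridden in another.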

Fix

Improper Privilege Management


Weakness Enumeration

Related identifiers

CVE-2018-11767
GHSA-5CF4-JQWP-584G

Affected products

Apache Hadoop