PT-2018-18390 · Apache · Apache Hbase
Published
2018-06-27
·
Updated
2018-10-18
·
CVE-2018-8025
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Apache HBase versions prior to 1.2.6.1
Apache HBase versions prior to 1.3.2.1
Apache HBase versions prior to 1.4.5
Apache HBase versions prior to 2.0.1
Description:
The issue affects the optional "Thrift 1" API server in Apache HBase when running over HTTP. A race-condition could lead to authenticated sessions being incorrectly applied to users. For example, one authenticated user might be considered a different user, or an unauthenticated user might be treated as an authenticated user.
Recommendations:
For versions prior to 1.2.6.1, update to version 1.2.6.1 or later.
For versions prior to 1.3.2.1, update to version 1.3.2.1 or later.
For versions prior to 1.4.5, update to version 1.4.5 or later.
For versions prior to 2.0.1, update to version 2.0.1 or later.
Fix
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Hbase