Apache Hadoop allows impersonation of arbitrary cluster user accounts
Moderate severity
GitHub Reviewed
Published May 17, 2022 to the GitHub Advisory Database • Updated Aug 29, 2023
Package
Affected versions    Patched versions
>= 0.23, < 0.23.2    0.23.2
>= 1.0, < 1.0.2      1.0.2
Published by the National Vulnerability Database: Apr 12, 2012
Published to the GitHub Advisory Database: May 17, 2022
Reviewed: Aug 29, 2023
Last updated: Aug 29, 2023
Description
The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
References