FKIE_CVE-2018-11768
Vulnerability from fkie_nvd - Published: 2019-10-04 14:15 - Updated: 2024-11-21 03:43
Severity
Summary
In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | hadoop | * | |
| apache | hadoop | * | |
| apache | hadoop | * | |
| apache | hadoop | * | |
| apache | hadoop | 2.0.0 | |
| apache | hadoop | 2.0.0 | |
| apache | hadoop | 2.0.1 | |
| apache | hadoop | 2.0.1 | |
| apache | hadoop | 2.0.2 | |
| apache | hadoop | 2.0.2 | |
| apache | hadoop | 2.0.3 | |
| apache | hadoop | 2.0.3 | |
| apache | hadoop | 2.0.4 | |
| apache | hadoop | 2.0.4 | |
| apache | hadoop | 2.0.5 | |
| apache | hadoop | 2.0.5 | |
| apache | hadoop | 2.0.6 | |
| apache | hadoop | 2.0.6 | |
| apache | hadoop | 2.1.0 | |
| apache | hadoop | 2.1.0 | |
| apache | hadoop | 2.1.1 | |
| apache | hadoop | 3.0.0 | |
| apache | hadoop | 3.0.0 | |
| apache | hadoop | 3.0.0 | |
| apache | hadoop | 3.0.0 | |
| apache | hadoop | 3.0.0 | |
| apache | hadoop | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD242B4-4B2C-4D04-AC1E-EF5DB0946AF4",
"versionEndIncluding": "2.8.4",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25983124-125F-483B-8AD0-ABD5BEB24565",
"versionEndIncluding": "2.9.1",
"versionStartIncluding": "2.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FCEC9B9-9A2A-4A90-8D1F-DEB7396A4B4D",
"versionEndIncluding": "3.0.3",
"versionStartIncluding": "3.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D760BFB8-4CD4-450B-B3F7-9BBE845A15D4",
"versionEndIncluding": "3.1.1",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "449B6ACE-1EB7-4EE6-A6A6-D0B6B35E7711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "227941BD-D769-45AD-9D61-7FCA3C2264FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "32C079FC-786F-4FDA-A81D-D3F8C57233DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "18BF490A-0865-47C0-A143-0991B40BD259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "E214AEE0-651F-46F7-9784-0021356D8634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*",
"matchCriteriaId": "E091799F-203D-4C52-839E-E798770C0287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "B85FB31E-8473-4447-A19A-BDE8E5D3A13F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:*",
"matchCriteriaId": "80E53689-C56C-4104-B510-CB4116B898CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.4:-:*:*:*:*:*:*",
"matchCriteriaId": "0FFC6E30-3613-4D4F-96BF-495B3D3B73E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:*",
"matchCriteriaId": "591921C3-F7EA-402E-9C36-2EADF0417C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.5:-:*:*:*:*:*:*",
"matchCriteriaId": "F07F8A23-27DF-46FE-B94C-B675A9C019C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:*",
"matchCriteriaId": "9FA774A9-81B3-4303-B254-C802B4DC8004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.6:-:*:*:*:*:*:*",
"matchCriteriaId": "5DB9D913-962A-4465-B9E8-C20645D4DF89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:*",
"matchCriteriaId": "877CAAE8-5E57-4D0D-A8EB-8CA696D0CE3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3C55C1D6-6EDC-47BB-8B8B-FA341179E37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "25DB127F-4293-4847-A8C4-C7F6B74762EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "E8AE3E25-0726-4039-A3A8-B53F7CF0E638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2547A78B-A084-4AD4-9312-B97B12C30BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "C33530ED-6093-4B4C-AFDB-4DB5EB5878E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "38BCF20D-169E-4847-8880-A223467B8639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "336DADCF-3302-423D-BFDC-72C031AD1CAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "689B619C-04C4-43C6-B103-DDAAA9C9CC9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1E457B6F-5F01-45C5-8568-7AF598721AEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage."
},
{
"lang": "es",
"value": "En Apache Hadoop versiones 3.1.0 hasta 3.1.1, 3.0.0-alpha1 hasta 3.0.3, 2.9.0 hasta 2.9.1 y 2.0.0-alpha hasta 2.8.4, la informaci\u00f3n de user/group puede corromperse durante el almacenamiento en fsimage y una lectura nuevamente desde fsimage."
}
],
"id": "CVE-2018-11768",
"lastModified": "2024-11-21T03:43:59.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-04T14:15:10.903",
"references": [
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…