Improper Authentication Affecting org.apache.hadoop:hadoop-core package, versions [3.0.0, 3.0.1)


0.0
high
  • Attack Complexity

    Low

  • Integrity

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-JAVA-ORGAPACHEHADOOP-1020811

  • published

    23 Oct 2020

  • disclosed

    22 Oct 2020

  • credit

    Daryn Sharp

How to fix?

Upgrade org.apache.hadoop:hadoop-core to version 3.0.1 or higher.

Overview

org.apache.hadoop:hadoop-core is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models.

Affected versions of this package are vulnerable to Improper Authentication. Authenticated users may impersonate any user even if no proxy user is configured.