Privilege Escalation Affecting org.apache.hbase:hbase-thrift Open this link in a new tab package, versions [1.2.0,18.104.22.168) [1.3.0,22.214.171.124) [1.4.0,1.4.5) [2.0.0,2.0.1)
Do your applications use this vulnerable package?
28 Jun 2018
1 Jun 2018
How to fix?
org.apache.hbase:hbase-thrift to version 126.96.36.199, 188.8.131.52, 1.4.5, 2.0.1. or higher.
org.apache.hbase:hbase-thrift is an open-source, distributed, versioned, column-oriented store modeled after Google' Bigtable.
Affected versions of this package are vulnerable to Privilege Escalation. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user.