Bug 1883549 (CVE-2018-11765)
| Summary: | CVE-2018-11765 hadoop: Potential information disclosure in Hadoop Web interfaces | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Michael Kaplan <mkaplan> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aileenc, bchilds, bmontgom, chazlett, drieden, eparis, ggaughan, gmalinko, janstey, jburrell, jochrist, jokerman, jolee, jschatte, jstastny, jwon, nstielau, pjindal, sd-operator-metering, sponnaga, tflannag, vbellur, vhalbert |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Hadoop 2.10.0, Hadoop 3.0.1 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-10-08 14:21:13 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1883550 | ||
|
Description
Michael Kaplan
2020-09-29 14:35:02 UTC
External References: https://seclists.org/oss-sec/2020/q3/198 In OpenShift Container Platform the hadoop-container uses Hadoop 3.1.1.redhat-00002 (hadoop 3.1.1 + patches). Not affected by this flaw. Mitigation: Users should upgrade to Apache Hadoop 2.10.0, 3.0.1 or upper. If it is not possible and affected version of Apache Hadoop is used, SPNEGO through HTTP should be enabled. Originally issue was introduced here: https://issues.apache.org/jira/browse/HADOOP-13707 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-11765 |