A flaw was found in Apache Hadoop. Web endpoint authentication check is broken. Authenticated users may impersonate any user even if no proxy user is configured. Reference: https://www.openwall.com/lists/oss-security/2020/10/21/1
OpenShift is using Hadoop 3.1.1 which is not affected by this issue.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-11764