CVE-2018-11765

Published: 2020-09-30T18:15Z

Last Modified: 2024-11-21T03:43Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt