CVE-2018-8025
Description
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1.
Risk Information
Base Score
8.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.635
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-8025 are fixed in Apache-hbase-thrift 1.3.2.1 | Windows |
| Vulnerabilities CVE-2018-8025 are fixed in Apache-hbase-thrift 1.2.6.1 | Windows |
| Vulnerabilities CVE-2018-8025 are fixed in Apache-hbase-thrift 2.0.1 | Windows |
| Vulnerabilities CVE-2018-8025 are fixed in Apache-hbase-thrift 1.4.5 | Windows |
| Vulnerabilities CVE-2018-8025 are fixed in Apache-hbase-thrift for Linux 1.3.2.1 | Linux |
| Vulnerabilities CVE-2018-8025 are fixed in Apache-hbase-thrift for Linux 1.2.6.1 | Linux |
| Vulnerabilities CVE-2018-8025 are fixed in Apache-hbase-thrift for Linux 2.0.1 | Linux |
| Vulnerabilities CVE-2018-8025 are fixed in Apache-hbase-thrift for Linux 1.4.5 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234