CVE-2012-1574
Apache Hadoop 0.20.203.0-0.20.205.0, 0.23.x < 0.23.2, 1.0.x < 1.0.2 - User Impersonation via Kerberos/MapReduce
Title source: llmDescription
The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
References (7)
Core 7
Core References
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2012/Apr/70
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48775
Various Sources x_refsource_confirm
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-04/0051.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48776
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/52939
Vendor Advisory x_refsource_confirm
https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin
Scores
EPSS
0.0483
EPSS Percentile
91.0%
Details
CWE
CWE-310
Status
published
Products (12)
apache/hadoop
0.20.203.0
apache/hadoop
0.20.204.0
apache/hadoop
0.20.205.0
apache/hadoop
0.23.0
apache/hadoop
0.23.1
apache/hadoop
1.0.0
apache/hadoop
1.0.1
cloudera/cloudera_cdh
cdh3 0 (3 CPE variants)
cloudera/hadoop
0.20-sbin
cloudera/hadoop
0.20.1\+169
... and 2 more
Published
Apr 12, 2012
Tracked Since
Feb 18, 2026