CVE-2012-1574

Apache Hadoop 0.20.203.0-0.20.205.0, 0.23.x < 0.23.2, 1.0.x < 1.0.2 - User Impersonation via Kerberos/MapReduce

Title source: llm
STIX 2.1

Description

The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.

References (7)

Core 7
Core References
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2012/Apr/70
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48775
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-04/0051.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48776
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52939

Scores

EPSS 0.0483
EPSS Percentile 91.0%

Details

CWE
CWE-310
Status published
Products (12)
apache/hadoop 0.20.203.0
apache/hadoop 0.20.204.0
apache/hadoop 0.20.205.0
apache/hadoop 0.23.0
apache/hadoop 0.23.1
apache/hadoop 1.0.0
apache/hadoop 1.0.1
cloudera/cloudera_cdh cdh3 0 (3 CPE variants)
cloudera/hadoop 0.20-sbin
cloudera/hadoop 0.20.1\+169
... and 2 more
Published Apr 12, 2012
Tracked Since Feb 18, 2026