Description

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.

Remediation

References

http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCA+RK=_CFiTfQ2d0V+kuJx_y5izmYccaKjXaJ3V72KK7tbOhbkg%40mail.gmail.com%3E

http://www.securitytracker.com/id/1034365

http://www-01.ibm.com/support/docview.wss?uid=swg21969546

https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html

Related Vulnerabilities

CVE-2023-2585 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2023-30543 Vulnerability in npm package @web3-react/walletconnect

CVE-2022-34811 Vulnerability in maven package org.jenkins-ci.plugins:xpath-config-viewer

CVE-2023-24429 Vulnerability in maven package org.jenkins-ci.plugins:semantic-versioning-plugin

CVE-2021-31403 Vulnerability in maven package com.vaadin:vaadin-server

Severity

High

Classification

CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Vendor Advisory