Description
Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.
Remediation
References
http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCA+RK=_CFiTfQ2d0V+kuJx_y5izmYccaKjXaJ3V72KK7tbOhbkg%40mail.gmail.com%3E
http://www-01.ibm.com/support/docview.wss?uid=swg21969546
http://www.securitytracker.com/id/1034365
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
Related Vulnerabilities
CVE-2020-2264 Vulnerability in maven package org.jenkins-ci.plugins:custom-job-icon
CVE-2010-2076 Vulnerability in maven package org.apache.axis2:axis2-kernel
CVE-2019-10370 Vulnerability in maven package org.jenkins-ci.plugins:mask-passwords
CVE-2013-1965 Vulnerability in maven package org.apache.struts:struts2-showcase
CVE-2019-10241 Vulnerability in maven package org.eclipse.jetty:jetty-server