{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-04-05T00:00:00", "descriptions": [{"lang": "en", "value": "The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-23T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "20120405 [CVE-2012-1574] Apache Hadoop user impersonation vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2012/Apr/70"}, {"name": "48775", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48775"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html"}, {"name": "20120405 [CVE-2012-1574] Apache Hadoop user impersonation vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0051.html"}, {"name": "48776", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48776"}, {"name": "52939", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/52939"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1574", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20120405 [CVE-2012-1574] Apache Hadoop user impersonation vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2012/Apr/70"}, {"name": "48775", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48775"}, {"name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html", "refsource": "CONFIRM", "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html"}, {"name": "20120405 [CVE-2012-1574] Apache Hadoop user impersonation vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0051.html"}, {"name": "48776", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48776"}, {"name": "52939", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52939"}, {"name": "https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin", "refsource": "CONFIRM", "url": "https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:01:02.673Z"}, "title": "CVE Program Container", "references": [{"name": "20120405 [CVE-2012-1574] Apache Hadoop user impersonation vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2012/Apr/70"}, {"name": "48775", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48775"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html"}, {"name": "20120405 [CVE-2012-1574] Apache Hadoop user impersonation vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0051.html"}, {"name": "48776", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48776"}, {"name": "52939", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/52939"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1574", "datePublished": "2012-04-12T10:00:00", "dateReserved": "2012-03-12T00:00:00", "dateUpdated": "2024-08-06T19:01:02.673Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:hadoop:0.20.203.0:*:*:*:*:*:*:*", "matchCriteriaId": "370F1E87-2870-49DA-9501-39327A0D9550", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:0.20.204.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7386E8A-6F60-4A24-97CE-D6A58A6E9C5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:0.20.205.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A57AD46-043A-410A-9A2A-53982641CC54", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:hadoop:0.23.0:*:*:*:*:*:*:*", "matchCriteriaId": "029481B4-F0BC-4C44-B5DB-4AE66AE92334", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:0.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "501DBE03-139A-46E9-BFD5-B7D8245AD2C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCC82E5C-775B-4BB0-AE38-6CF546CD6A4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA4A72DC-B207-4013-ADED-BDEEE3940486", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudera:cloudera_cdh:cdh3:0:*:*:*:*:*:*", "matchCriteriaId": "DD622153-2A32-4721-B942-3102BA0002C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_cdh:cdh3:1:*:*:*:*:*:*", "matchCriteriaId": "0650B19A-5285-4799-877D-BCA5889158B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cloudera_cdh:cdh3:2:*:*:*:*:*:*", "matchCriteriaId": "6D4259A1-CAF6-456B-A366-F8D223263097", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:hadoop:0.20-sbin:*:*:*:*:*:*:*", "matchCriteriaId": "3B15492C-3EAC-481B-BAAE-258F2B5C76AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:hadoop:0.20.1\\+169:*:*:*:*:*:*:*", "matchCriteriaId": "F414B5A4-050E-46A0-BBAF-7716EE5DE5C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:hadoop:0.20.2\\+923:*:*:*:*:*:*:*", "matchCriteriaId": "5A2829B7-70D8-4A65-B8A1-BC6DFA21F20A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors."}, {"lang": "es", "value": "La funcionalidad Kerberos/MapReduce en Apache Hadoop v0.20.203.0 a v0.20.205.0, v0.23.x antes de v0.23.2 y v1.0.x antes de v1.0.2, tal y como se utiliza en Cloudera CDH CDH3u0 a CDH3u2, Cloudera Hadoop-0.20-sbin antes de v0.20.2+923.197, y otros productos, permite hacerse pasar por usuarios de cluster de su elecci\u00f3n a usuarios remotos autenticados a trav\u00e9s de vectores no especificados."}], "id": "CVE-2012-1574", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-04-12T10:45:14.580", "references": [{"source": "secalert@redhat.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0051.html"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2012/Apr/70"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48775"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48776"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/52939"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin"}, {"source": "secalert@redhat.com", "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0051.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2012/Apr/70"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48775"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48776"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52939"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}