CVE-2018-11768 - Vulnerability Details

Vendors	Products
Apache	Hadoop

Link	Providers
https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E
https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E
https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2018-11768
https://www.cve.org/CVERecord?id=CVE-2018-11768

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Apache Hadoop", "vendor": "n/a", "versions": [{"status": "affected", "version": "Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, 2.0.0-alpha to 2.8.4"}]}], "descriptions": [{"lang": "en", "value": "In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-06T13:06:18", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E"}, {"name": "[hadoop-general] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E"}, {"name": "[hadoop-hdfs-dev] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E"}, {"name": "[hadoop-hdfs-dev] 20191004 Re: CVE-2018-11768: HDFS FSImage Corruption", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E"}, {"name": "[hadoop-hdfs-dev] 20191006 Re: CVE-2018-11768: HDFS FSImage Corruption", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E"}, {"name": "[lucene-dev] 20191029 Re: CVE-2018-11768 in regards to Solr", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E"}, {"name": "[lucene-dev] 20191029 CVE-2018-11768 in regards to Solr", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E"}, {"name": "[lucene-dev] 20191031 RE: CVE-2018-11768 in regards to Solr", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E"}, {"name": "[flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E"}, {"name": "[flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2018-11768", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Hadoop", "version": {"version_data": [{"version_value": "Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, 2.0.0-alpha to 2.8.4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E"}, {"name": "[hadoop-general] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378@%3Cgeneral.hadoop.apache.org%3E"}, {"name": "[hadoop-hdfs-dev] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600@%3Chdfs-dev.hadoop.apache.org%3E"}, {"name": "[hadoop-hdfs-dev] 20191004 Re: CVE-2018-11768: HDFS FSImage Corruption", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a@%3Chdfs-dev.hadoop.apache.org%3E"}, {"name": "[hadoop-hdfs-dev] 20191006 Re: CVE-2018-11768: HDFS FSImage Corruption", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4@%3Chdfs-dev.hadoop.apache.org%3E"}, {"name": "[lucene-dev] 20191029 Re: CVE-2018-11768 in regards to Solr", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda@%3Cdev.lucene.apache.org%3E"}, {"name": "[lucene-dev] 20191029 CVE-2018-11768 in regards to Solr", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87@%3Cdev.lucene.apache.org%3E"}, {"name": "[lucene-dev] 20191031 RE: CVE-2018-11768 in regards to Solr", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6@%3Cdev.lucene.apache.org%3E"}, {"name": "[flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E"}, {"name": "[flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:17:09.225Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E"}, {"name": "[hadoop-general] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E"}, {"name": "[hadoop-hdfs-dev] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E"}, {"name": "[hadoop-hdfs-dev] 20191004 Re: CVE-2018-11768: HDFS FSImage Corruption", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E"}, {"name": "[hadoop-hdfs-dev] 20191006 Re: CVE-2018-11768: HDFS FSImage Corruption", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E"}, {"name": "[lucene-dev] 20191029 Re: CVE-2018-11768 in regards to Solr", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E"}, {"name": "[lucene-dev] 20191029 CVE-2018-11768 in regards to Solr", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E"}, {"name": "[lucene-dev] 20191031 RE: CVE-2018-11768 in regards to Solr", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E"}, {"name": "[flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E"}, {"name": "[flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-11768", "datePublished": "2019-10-04T13:56:56", "dateReserved": "2018-06-05T00:00:00", "dateUpdated": "2024-08-05T08:17:09.225Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Apache Hadoop (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, 2.0.0-alpha to 2.8.4 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Information Disclosure (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-08-06T13:06:18 (string)

orgId : f0158376-9dc2-43b6-827c-5f631a4d8d09 (string)

shortName : apache (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E (string)

}

1 : { »

name : [hadoop-general] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E (string)

}

2 : { »

name : [hadoop-hdfs-dev] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E (string)

}

3 : { »

name : [hadoop-hdfs-dev] 20191004 Re: CVE-2018-11768: HDFS FSImage Corruption (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E (string)

}

4 : { »

name : [hadoop-hdfs-dev] 20191006 Re: CVE-2018-11768: HDFS FSImage Corruption (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E (string)

}

5 : { »

name : [lucene-dev] 20191029 Re: CVE-2018-11768 in regards to Solr (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E (string)

}

6 : { »

name : [lucene-dev] 20191029 CVE-2018-11768 in regards to Solr (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E (string)

}

7 : { »

name : [lucene-dev] 20191031 RE: CVE-2018-11768 in regards to Solr (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E (string)

}

8 : { »

name : [flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E (string)

}

9 : { »

name : [flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@apache.org (string)

ID : CVE-2018-11768 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Apache Hadoop (string)

version : { »

version_data : [ »

0 : { »

version_value : Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, 2.0.0-alpha to 2.8.4 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Information Disclosure (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E (string)

refsource : MISC (string)

url : https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E (string)

}

1 : { »

name : [hadoop-general] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378@%3Cgeneral.hadoop.apache.org%3E (string)

}

2 : { »

name : [hadoop-hdfs-dev] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600@%3Chdfs-dev.hadoop.apache.org%3E (string)

}

3 : { »

name : [hadoop-hdfs-dev] 20191004 Re: CVE-2018-11768: HDFS FSImage Corruption (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a@%3Chdfs-dev.hadoop.apache.org%3E (string)

}

4 : { »

name : [hadoop-hdfs-dev] 20191006 Re: CVE-2018-11768: HDFS FSImage Corruption (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4@%3Chdfs-dev.hadoop.apache.org%3E (string)

}

5 : { »

name : [lucene-dev] 20191029 Re: CVE-2018-11768 in regards to Solr (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda@%3Cdev.lucene.apache.org%3E (string)

}

6 : { »

name : [lucene-dev] 20191029 CVE-2018-11768 in regards to Solr (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87@%3Cdev.lucene.apache.org%3E (string)

}

7 : { »

name : [lucene-dev] 20191031 RE: CVE-2018-11768 in regards to Solr (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6@%3Cdev.lucene.apache.org%3E (string)

}

8 : { »

name : [flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E (string)

}

9 : { »

name : [flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T08:17:09.225Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E (string)

}

1 : { »

name : [hadoop-general] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E (string)

}

2 : { »

name : [hadoop-hdfs-dev] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E (string)

}

3 : { »

name : [hadoop-hdfs-dev] 20191004 Re: CVE-2018-11768: HDFS FSImage Corruption (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E (string)

}

4 : { »

name : [hadoop-hdfs-dev] 20191006 Re: CVE-2018-11768: HDFS FSImage Corruption (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E (string)

}

5 : { »

name : [lucene-dev] 20191029 Re: CVE-2018-11768 in regards to Solr (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E (string)

}

6 : { »

name : [lucene-dev] 20191029 CVE-2018-11768 in regards to Solr (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E (string)

}

7 : { »

name : [lucene-dev] 20191031 RE: CVE-2018-11768 in regards to Solr (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E (string)

}

8 : { »

name : [flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E (string)

}

9 : { »

name : [flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f0158376-9dc2-43b6-827c-5f631a4d8d09 (string)

assignerShortName : apache (string)

cveId : CVE-2018-11768 (string)

datePublished : 2019-10-04T13:56:56 (string)

dateReserved : 2018-06-05T00:00:00 (string)

dateUpdated : 2024-08-05T08:17:09.225Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*", "matchCriteriaId": "4DD242B4-4B2C-4D04-AC1E-EF5DB0946AF4", "versionEndIncluding": "2.8.4", "versionStartIncluding": "2.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*", "matchCriteriaId": "25983124-125F-483B-8AD0-ABD5BEB24565", "versionEndIncluding": "2.9.1", "versionStartIncluding": "2.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FCEC9B9-9A2A-4A90-8D1F-DEB7396A4B4D", "versionEndIncluding": "3.0.3", "versionStartIncluding": "3.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*", "matchCriteriaId": "D760BFB8-4CD4-450B-B3F7-9BBE845A15D4", "versionEndIncluding": "3.1.1", "versionStartIncluding": "3.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "449B6ACE-1EB7-4EE6-A6A6-D0B6B35E7711", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "227941BD-D769-45AD-9D61-7FCA3C2264FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "32C079FC-786F-4FDA-A81D-D3F8C57233DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "18BF490A-0865-47C0-A143-0991B40BD259", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.2:-:*:*:*:*:*:*", "matchCriteriaId": "E214AEE0-651F-46F7-9784-0021356D8634", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*", "matchCriteriaId": "E091799F-203D-4C52-839E-E798770C0287", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.3:-:*:*:*:*:*:*", "matchCriteriaId": "B85FB31E-8473-4447-A19A-BDE8E5D3A13F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:*", "matchCriteriaId": "80E53689-C56C-4104-B510-CB4116B898CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.4:-:*:*:*:*:*:*", "matchCriteriaId": "0FFC6E30-3613-4D4F-96BF-495B3D3B73E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:*", "matchCriteriaId": "591921C3-F7EA-402E-9C36-2EADF0417C72", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.5:-:*:*:*:*:*:*", "matchCriteriaId": "F07F8A23-27DF-46FE-B94C-B675A9C019C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:*", "matchCriteriaId": "9FA774A9-81B3-4303-B254-C802B4DC8004", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.6:-:*:*:*:*:*:*", "matchCriteriaId": "5DB9D913-962A-4465-B9E8-C20645D4DF89", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:*", "matchCriteriaId": "877CAAE8-5E57-4D0D-A8EB-8CA696D0CE3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "3C55C1D6-6EDC-47BB-8B8B-FA341179E37F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:*", "matchCriteriaId": "25DB127F-4293-4847-A8C4-C7F6B74762EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:*", "matchCriteriaId": "E8AE3E25-0726-4039-A3A8-B53F7CF0E638", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "2547A78B-A084-4AD4-9312-B97B12C30BFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "C33530ED-6093-4B4C-AFDB-4DB5EB5878E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "38BCF20D-169E-4847-8880-A223467B8639", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "336DADCF-3302-423D-BFDC-72C031AD1CAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "689B619C-04C4-43C6-B103-DDAAA9C9CC9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:3.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "1E457B6F-5F01-45C5-8568-7AF598721AEB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage."}, {"lang": "es", "value": "En Apache Hadoop versiones 3.1.0 hasta 3.1.1, 3.0.0-alpha1 hasta 3.0.3, 2.9.0 hasta 2.9.1 y 2.0.0-alpha hasta 2.8.4, la informaci\u00f3n de user/group puede corromperse durante el almacenamiento en fsimage y una lectura nuevamente desde fsimage."}], "id": "CVE-2018-11768", "lastModified": "2024-11-21T03:43:59.550", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-04T14:15:10.903", "references": [{"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 4DD242B4-4B2C-4D04-AC1E-EF5DB0946AF4 (string)

versionEndIncluding : 2.8.4 (string)

versionStartIncluding : 2.2.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 25983124-125F-483B-8AD0-ABD5BEB24565 (string)

versionEndIncluding : 2.9.1 (string)

versionStartIncluding : 2.9.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7FCEC9B9-9A2A-4A90-8D1F-DEB7396A4B4D (string)

versionEndIncluding : 3.0.3 (string)

versionStartIncluding : 3.0.1 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D760BFB8-4CD4-450B-B3F7-9BBE845A15D4 (string)

versionEndIncluding : 3.1.1 (string)

versionStartIncluding : 3.1.0 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.0:-:*:*:*:*:*:* (string)

matchCriteriaId : 449B6ACE-1EB7-4EE6-A6A6-D0B6B35E7711 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:* (string)

matchCriteriaId : 227941BD-D769-45AD-9D61-7FCA3C2264FA (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.1:-:*:*:*:*:*:* (string)

matchCriteriaId : 32C079FC-786F-4FDA-A81D-D3F8C57233DA (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:* (string)

matchCriteriaId : 18BF490A-0865-47C0-A143-0991B40BD259 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.2:-:*:*:*:*:*:* (string)

matchCriteriaId : E214AEE0-651F-46F7-9784-0021356D8634 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:* (string)

matchCriteriaId : E091799F-203D-4C52-839E-E798770C0287 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.3:-:*:*:*:*:*:* (string)

matchCriteriaId : B85FB31E-8473-4447-A19A-BDE8E5D3A13F (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:* (string)

matchCriteriaId : 80E53689-C56C-4104-B510-CB4116B898CB (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.4:-:*:*:*:*:*:* (string)

matchCriteriaId : 0FFC6E30-3613-4D4F-96BF-495B3D3B73E9 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:* (string)

matchCriteriaId : 591921C3-F7EA-402E-9C36-2EADF0417C72 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.5:-:*:*:*:*:*:* (string)

matchCriteriaId : F07F8A23-27DF-46FE-B94C-B675A9C019C6 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:* (string)

matchCriteriaId : 9FA774A9-81B3-4303-B254-C802B4DC8004 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.6:-:*:*:*:*:*:* (string)

matchCriteriaId : 5DB9D913-962A-4465-B9E8-C20645D4DF89 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:* (string)

matchCriteriaId : 877CAAE8-5E57-4D0D-A8EB-8CA696D0CE3F (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:apache:hadoop:2.1.0:-:*:*:*:*:*:* (string)

matchCriteriaId : 3C55C1D6-6EDC-47BB-8B8B-FA341179E37F (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:* (string)

matchCriteriaId : 25DB127F-4293-4847-A8C4-C7F6B74762EE (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:* (string)

matchCriteriaId : E8AE3E25-0726-4039-A3A8-B53F7CF0E638 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:apache:hadoop:3.0.0:-:*:*:*:*:*:* (string)

matchCriteriaId : 2547A78B-A084-4AD4-9312-B97B12C30BFD (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:apache:hadoop:3.0.0:alpha1:*:*:*:*:*:* (string)

matchCriteriaId : C33530ED-6093-4B4C-AFDB-4DB5EB5878E0 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:apache:hadoop:3.0.0:alpha2:*:*:*:*:*:* (string)

matchCriteriaId : 38BCF20D-169E-4847-8880-A223467B8639 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:apache:hadoop:3.0.0:alpha3:*:*:*:*:*:* (string)

matchCriteriaId : 336DADCF-3302-423D-BFDC-72C031AD1CAD (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:apache:hadoop:3.0.0:alpha4:*:*:*:*:*:* (string)

matchCriteriaId : 689B619C-04C4-43C6-B103-DDAAA9C9CC9C (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:apache:hadoop:3.0.0:beta1:*:*:*:*:*:* (string)

matchCriteriaId : 1E457B6F-5F01-45C5-8568-7AF598721AEB (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage. (string)

}

1 : { »

lang : es (string)

value : En Apache Hadoop versiones 3.1.0 hasta 3.1.1, 3.0.0-alpha1 hasta 3.0.3, 2.9.0 hasta 2.9.1 y 2.0.0-alpha hasta 2.8.4, la información de user/group puede corromperse durante el almacenamiento en fsimage y una lectura nuevamente desde fsimage. (string)

}

]

id : CVE-2018-11768 (string)

lastModified : 2024-11-21T03:43:59.550 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-10-04T14:15:10.903 (string)

references : [ »

0 : { »

source : security@apache.org (string)

url : https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E (string)

}

1 : { »

source : security@apache.org (string)

url : https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E (string)

}

2 : { »

source : security@apache.org (string)

url : https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E (string)

}

3 : { »

source : security@apache.org (string)

url : https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E (string)

}

4 : { »

source : security@apache.org (string)

url : https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E (string)

}

5 : { »

source : security@apache.org (string)

url : https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E (string)

}

6 : { »

source : security@apache.org (string)

url : https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E (string)

}

7 : { »

source : security@apache.org (string)

url : https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E (string)

}

8 : { »

source : security@apache.org (string)

url : https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E (string)

}

9 : { »

source : security@apache.org (string)

url : https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E (string)

}

]

sourceIdentifier : security@apache.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-119 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "hadoop: user/group information corruption through fsimage storing and reading", "id": "1764650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764650"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-119", "details": ["In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage."], "name": "CVE-2018-11768", "package_state": [{"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Fix deferred", "impact": "low", "package_name": "hadoop", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Not affected", "package_name": "hadoop-common", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Out of support scope", "package_name": "hadoop-core", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "hadoop-core", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-metering-hadoop", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Out of support scope", "package_name": "nutch", "product_name": "Red Hat Satellite 5"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Out of support scope", "package_name": "spacewalk-search", "product_name": "Red Hat Satellite 5"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "rhs-hadoop", "product_name": "Red Hat Storage 3"}], "public_date": "2019-10-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-11768\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11768"], "statement": "Hadoop is included in OpenShift Container Platform 4.2 and later as part of the metering operator. It's an optional feature that is not installed by default.", "threat_severity": "Moderate"}

{

bugzilla : { »

description : hadoop: user/group information corruption through fsimage storing and reading (string)

id : 1764650 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1764650 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 7.5 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (string)

status : draft (string)

}

cwe : CWE-119 (string)

details : [ »

0 : In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage. (string)

]

name : CVE-2018-11768 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:jboss_fuse:7 (string)

fix_state : Fix deferred (string)

impact : low (string)

package_name : hadoop (string)

product_name : Red Hat Fuse 7 (string)

}

1 : { »

cpe : cpe:/a:redhat:jboss_data_grid:7 (string)

fix_state : Not affected (string)

package_name : hadoop-common (string)

product_name : Red Hat JBoss Data Grid 7 (string)

}

2 : { »

cpe : cpe:/a:redhat:jboss_data_virtualization:6 (string)

fix_state : Out of support scope (string)

package_name : hadoop-core (string)

product_name : Red Hat JBoss Data Virtualization 6 (string)

}

3 : { »

cpe : cpe:/a:redhat:jboss_fuse:6 (string)

fix_state : Out of support scope (string)

package_name : hadoop-core (string)

product_name : Red Hat JBoss Fuse 6 (string)

}

4 : { »

cpe : cpe:/a:redhat:openshift:4 (string)

fix_state : Will not fix (string)

package_name : openshift4/ose-metering-hadoop (string)

product_name : Red Hat OpenShift Container Platform 4 (string)

}

5 : { »

cpe : cpe:/a:redhat:network_satellite:5 (string)

fix_state : Out of support scope (string)

package_name : nutch (string)

product_name : Red Hat Satellite 5 (string)

}

6 : { »

cpe : cpe:/a:redhat:network_satellite:5 (string)

fix_state : Out of support scope (string)

package_name : spacewalk-search (string)

product_name : Red Hat Satellite 5 (string)

}

7 : { »

cpe : cpe:/a:redhat:storage:3 (string)

fix_state : Not affected (string)

package_name : rhs-hadoop (string)

product_name : Red Hat Storage 3 (string)

}

]

public_date : 2019-10-04T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2018-11768 https://nvd.nist.gov/vuln/detail/CVE-2018-11768 (string)

]

statement : Hadoop is included in OpenShift Container Platform 4.2 and later as part of the metering operator. It's an optional feature that is not installed by default. (string)

threat_severity : Moderate (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object