← Back

CVE-2012-1574

nvd nist
Published: Apr 12, 2012Modified: Apr 29, 2026

JSON object

Loading...
6.5
Vector
AV:N/AC:L/Au:S/C:P/I:P/A:P
Exploitability: 8.0 / Impact: 6.4
Source: NVD

Description

The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.

Affected (13)

Apache
1 product
Hadoop
Cloudera
2 products
Cloudera Cdh
Hadoop
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Apache
Hadoop
Version 0.20.203.0
Hadoop
Version 0.20.204.0
Hadoop
Version 0.20.205.0
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Apache
Hadoop
Version 0.23.0
Hadoop
Version 0.23.1
Hadoop
Version 1.0.0
Hadoop
Version 1.0.1
Configuration C
6 vulnerable
Vulnerable SoftwareAffected Versions
Cloudera
Cloudera Cdh
Version cdh3 0
Cloudera Cdh
Version cdh3 1
Cloudera Cdh
Version cdh3 2
Cloudera
Hadoop
Version 0.20-sbin
Hadoop
Version 0.20.1+169
Hadoop
Version 0.20.2+923

Related CWEs

CWE-310
CWE-310

References (14)

Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.