{"containers":{"cna":{"affected":[{"product":"Apache Hadoop","vendor":"n/a","versions":[{"status":"affected","version":"Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6"}]}],"descriptions":[{"lang":"en","value":"In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms."}],"problemTypes":[{"descriptions":[{"description":"Privilege Escalation","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2019-11-16T01:06:50.000Z","orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache"},"references":[{"name":"[hadoop-general] 20190311 CVE-2018-11767: Apache Hadoop KMS ACL regression","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/5fb771f66946dd5c99a8a5713347c24873846f555d716f9ac17bccca%40%3Cgeneral.hadoop.apache.org%3E"},{"name":"[hadoop-common-issues] 20190318 [jira] [Created] (HADOOP-16200) Add regression test for CVE-2018-11767","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/246cf223e7dc0c1dff90b78dccb6c3fe94e1a044dbf98e2333393302%40%3Ccommon-issues.hadoop.apache.org%3E"},{"name":"[hadoop-common-dev] 20190318 [jira] [Created] (HADOOP-16200) Add regression test for CVE-2018-11767","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/5a44590b4eedc5e25f5bd3081d1631b52c174b5b99157f7950ddc270%40%3Ccommon-dev.hadoop.apache.org%3E"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20190416-0009/"},{"name":"[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@apache.org","ID":"CVE-2018-11767","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Apache Hadoop","version":{"version_data":[{"version_value":"Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Privilege Escalation"}]}]},"references":{"reference_data":[{"name":"[hadoop-general] 20190311 CVE-2018-11767: Apache Hadoop KMS ACL regression","refsource":"MLIST","url":"https://lists.apache.org/thread.html/5fb771f66946dd5c99a8a5713347c24873846f555d716f9ac17bccca@%3Cgeneral.hadoop.apache.org%3E"},{"name":"[hadoop-common-issues] 20190318 [jira] [Created] (HADOOP-16200) Add regression test for CVE-2018-11767","refsource":"MLIST","url":"https://lists.apache.org/thread.html/246cf223e7dc0c1dff90b78dccb6c3fe94e1a044dbf98e2333393302@%3Ccommon-issues.hadoop.apache.org%3E"},{"name":"[hadoop-common-dev] 20190318 [jira] [Created] (HADOOP-16200) Add regression test for CVE-2018-11767","refsource":"MLIST","url":"https://lists.apache.org/thread.html/5a44590b4eedc5e25f5bd3081d1631b52c174b5b99157f7950ddc270@%3Ccommon-dev.hadoop.apache.org%3E"},{"name":"https://security.netapp.com/advisory/ntap-20190416-0009/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20190416-0009/"},{"name":"[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities","refsource":"MLIST","url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T08:17:08.999Z"},"title":"CVE Program Container","references":[{"name":"[hadoop-general] 20190311 CVE-2018-11767: Apache Hadoop KMS ACL regression","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/5fb771f66946dd5c99a8a5713347c24873846f555d716f9ac17bccca%40%3Cgeneral.hadoop.apache.org%3E"},{"name":"[hadoop-common-issues] 20190318 [jira] [Created] (HADOOP-16200) Add regression test for CVE-2018-11767","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/246cf223e7dc0c1dff90b78dccb6c3fe94e1a044dbf98e2333393302%40%3Ccommon-issues.hadoop.apache.org%3E"},{"name":"[hadoop-common-dev] 20190318 [jira] [Created] (HADOOP-16200) Add regression test for CVE-2018-11767","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/5a44590b4eedc5e25f5bd3081d1631b52c174b5b99157f7950ddc270%40%3Ccommon-dev.hadoop.apache.org%3E"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20190416-0009/"},{"name":"[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"}]}]},"cveMetadata":{"assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","assignerShortName":"apache","cveId":"CVE-2018-11767","datePublished":"2019-03-18T13:41:17.000Z","dateReserved":"2018-06-05T00:00:00.000Z","dateUpdated":"2024-08-05T08:17:08.999Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}