Incorrect User Access Control in Apache Hadoop Versions 2.7.5 to 2.7.6, 2.8.3 to 2.8.4, and 2.9.0 to 2.9.1 with Non-Default Groups Mapping

Incorrect User Access Control in Apache Hadoop Versions 2.7.5 to 2.7.6, 2.8.3 to 2.8.4, and 2.9.0 to 2.9.1 with Non-Default Groups Mapping

CVE-2018-11767 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:P

In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms.

Learn more about our Cis Benchmark Audit For Apache Http Server.