CVE-2018-11785

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Impala
Vendor: CVE Published:; 24 October 2018

Summary

Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query.

Affected Version(s)

Apache Impala Apache Impala 3.0.0

References

http://www.securityfocus.com/bid/105742

vdb-entryx_refsource_BID

https://lists.apache.org/thread.html/cba8f18df15af862aa07...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 24, 2018
Vulnerability Reserved
Jun 5, 2018