CVE-2018-8009

8.8HIGH

Key Information:

Vendor: Apache
Status: Apache Hadoop
Vendor: CVE Published:; 13 November 2018

Summary

Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.

Affected Version(s)

Apache Hadoop Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11

References

https://snyk.io/research/zip-slip-vulnerability

x_refsource_MISC

http://www.securityfocus.com/bid/105927

vdb-entryx_refsource_BID

https://lists.apache.org/thread.html/a1c227745ce30acbcf38...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2018
Vulnerability Reserved
Mar 9, 2018