Apache Accumulo: Accumulo 2.1.0 may incorrectly validate cached credentials
CVE-2023-34340

9.8CRITICAL

Key Information:

Vendor: Apache
Status: Apache Accumulo
Vendor: CVE Published:; 21 June 2023

Summary

An issue has been identified in Apache Accumulo version 2.1.0, where the user authentication mechanism allows access to users with invalid credentials. This defect poses a significant risk as it undermines the security of the authentication process. Users are encouraged to upgrade to version 2.1.1 to mitigate this vulnerability and enhance the security of their systems.

Affected Version(s)

Apache Accumulo 2.1.0 < 2.1.1

References

https://lists.apache.org/thread/syy6jftvy9l6tlhn33o0rzwhh...

vendor-advisorymailing-list

https://accumulo.apache.org/release/accumulo-2.1.1/

release-notes

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 21, 2023
Vulnerability Reserved
Jun 1, 2023