Cryptographic Issues

CVE-2012-3376

High

7.5/10

Summary

DataNodes in Apache Hadoop up to 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-310 - Cryptographic Issues

Cryptographic issues is a category of weaknesses related to the design and implementation of the confidentiality and integrity of data. If not addressed, the weaknesses in this category can lead to data quality degradation.

References

Advisory

Advisory Timeline

Published Jul 12, 2012

Cryptographic Issues

CVE-2012-3376

Summary

CWE-310 - Cryptographic Issues

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS