Home > Vulnerability Database > WS-2018-0605

Mend.io Vulnerability Database

WS-2018-0605

Good to know:

Date: June 1, 2018

The “remoteUser” in Apache Hadoop, versions 0.21.0 to 3.0.3, 3.04 to 3.1.0, 3.1.2 to 3.1.3 poses an XSS vulnerability due to improper authentication and privilege handle.

Language: Java

Severity Score

7.5

Related Resources (2)

Url: https://github.com/apache/hadoop/commit/cba319499822a2475c60c43ea71f8e78237e139f

Url: https://www.mend.io/vulnerability-database/WS-2018-0605

Severity Score

7.5

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version release-3.1.0,release-3.1.1, release-3.2.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2018-0605

Good to know:

Date: June 1, 2018

Language: Java

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?