CVE-2012-1574

medium Apache
CVSS v3 Base Score
6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS Score
0.5%
Exploitation probability in 30 days
Top 36% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P
Published: April 12, 2012 (5145 days ago)
Last Modified: April 29, 2026
Vendor: Apache
Source: NVD

Description

The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.

CWE

CWE-310

Affected Products

apache hadoopcloudera cloudera cdhcloudera hadoop

References

🔗 archives.neohapsis.com 🔗 seclists.org 🔗 secunia.com 🔗 secunia.com 🔗 www.securityfocus.com