CVE-2017-5646

medium

Apache

CVSS v3 Base Score

6.8

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.0%

Exploitation probability in 30 days

Top 89% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Confidentiality

High

Integrity

High

Availability

None

Published: May 26, 2017 (3275 days ago)

Last Modified: May 13, 2026

Vendor: Apache

Source: NVD

Description

For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be easily associated with the authenticated user, this is still a serious security issue. All users are recommended to upgrade to the Apache Knox 0.12.0 release.

CWE

CWE-346

Affected Products

apache knox

References

🔗 mail-archives.apache.org 🔗 www.securityfocus.com 🔗 lists.apache.org 🔗 mail-archives.apache.org 🔗 www.securityfocus.com

CVE-2017-5646

Vulnerability Report

Description

CWE

Affected Products

References