CVE-2018-1296 is a vulnerability in Apache Hadoop
Published on February 7, 2019

In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent.

NVD

Products Associated with CVE-2018-1296

Want to know whenever a new CVE is published for Apache Hadoop? stack.watch will email you.

Apache Hadoop

Affected Versions

Apache Software Foundation Apache Hadoop Version Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, 2.5.0 to 2.7.5 is affected by CVE-2018-1296

Exploit Probability

EPSS

0.57%

Percentile

68.33%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-1296 is a vulnerability in Apache HadoopPublished on February 7, 2019

Products Associated with CVE-2018-1296

Affected Versions

Exploit Probability

CVE-2018-1296 is a vulnerability in Apache Hadoop
Published on February 7, 2019