CVE-2018-15804

An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Under certain conditions, it is possible for MapR ticket credentials to become compromised, allowing a user to escalate their privileges to act as (aka impersonate) any other user, including cluster administrators, aka bug# 31935. This affects all users who have enabled security on the MapR platform and is fixed in mapr-patch-5.2.1.42646.GA-20180731093831, mapr-patch-5.2.2.44680.GA-20180802011430, mapr-patch-6.0.0.20171109191718.GA-20180802011420, and mapr-patch-6.0.1.20180404222005.GA-20180806214919.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mapr:mapr:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:51

Type Values Removed Values Added
References () https://mapr.com/support/s/article/MapR-Ticket-Credentials-can-become-compromised - Vendor Advisory () https://mapr.com/support/s/article/MapR-Ticket-Credentials-can-become-compromised - Vendor Advisory

Information

Published : 2018-08-23 18:29

Updated : 2024-11-21 03:51


NVD link : CVE-2018-15804

Mitre link : CVE-2018-15804

CVE.ORG link : CVE-2018-15804


JSON object : View

Products Affected

mapr

  • mapr