1. Home
  2. CVE Database
  3. CVE-2012-1574
MEDIUM · 6.5

CVE-2012-1574

The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hado...

Vulnerability Description

The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.

CVSS Score

6.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
ApacheHadoop0.20.203.0
ClouderaCloudera Cdhcdh3
ClouderaHadoop0.20-sbin

Related Weaknesses (CWE)

CWE-310

References

FAQ

What is CVE-2012-1574?

CVE-2012-1574 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hado...

How severe is CVE-2012-1574?

CVE-2012-1574 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-1574?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Hadoop, Cloudera Cloudera Cdh, Cloudera Hadoop.