Vulnerability Description
An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Under certain conditions, it is possible for MapR ticket credentials to become compromised, allowing a user to escalate their privileges to act as (aka impersonate) any other user, including cluster administrators, aka bug# 31935. This affects all users who have enabled security on the MapR platform and is fixed in mapr-patch-5.2.1.42646.GA-20180731093831, mapr-patch-5.2.2.44680.GA-20180802011430, mapr-patch-6.0.0.20171109191718.GA-20180802011420, and mapr-patch-6.0.1.20180404222005.GA-20180806214919.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mapr | Mapr | < 6.0.1 |
References
- https://mapr.com/support/s/article/MapR-Ticket-Credentials-can-become-compromiseVendor Advisory
- https://mapr.com/support/s/article/MapR-Ticket-Credentials-can-become-compromiseVendor Advisory
FAQ
What is CVE-2018-15804?
CVE-2018-15804 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Under certain conditions, it is possible for MapR ticket credentials to become compromised,...
How severe is CVE-2018-15804?
CVE-2018-15804 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-15804?
Check the references section above for vendor advisories and patch information. Affected products include: Mapr Mapr.