CVE-2018-11785

2018-10-24 22:29:00 2019-10-03 02:03:26

Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query.

Vector

NETWORK

Complexity

LOW

Authentication

SINGLE_INSTANCE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Apache Impala 2.12.0 (not an official CPE) Apache Impala 2.11.0 (not an official CPE) Apache Impala 2.10.0 (not an official CPE) Apache Impala 2.9.0 (not an official CPE) Apache Impala 2.8.0 (not an official CPE) Apache Impala 2.7.0 (not an official CPE) Apache Impala 3.0.0 (not an official CPE)

Apache - Impala

Advisory	Patch	Confirmed	Link
			105742
			https://lists.apache.org/thread.html/cba8f18df15af862aa0...

Missing Authorization (ID 862)