CVE-2020-9492

ADVISORY - github

Summary

In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.

EPSS Score⁠: 0.00143 (0.346)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-863⁠

Incorrect Authorization

ADVISORY - github

CWE-269⁠

Improper Privilege Management

CWE-863⁠

Incorrect Authorization

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-269⁠

Improper Privilege Management

CWE-863⁠

Incorrect Authorization

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-863⁠

Incorrect Authorization

Impacted images

Advisories

NIST

CREATED

5 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2020-9492⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-863⁠

CVSS SCORE

8.8high

GitHub

CREATED

4 years ago

UPDATED

4 years ago

ADVISORY IDGHSA-f8vc-wfc8-hxqh⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-269⁠CWE-863⁠

CVSS SCORE

8.8high

GitLab

CREATED

5 years ago

UPDATED

4 years ago

ADVISORY ID

CVE-2020-9492

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-269⁠CWE-863⁠CWE-937⁠

CVSS SCORE

8.8high

Bitnami

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

BIT-2020-9492

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Bitnami

CREATED

2 years ago

UPDATED

11 months ago

ADVISORY ID

BIT-solr-2020-9492

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

8.8high

Red Hat

CREATED

5 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2020-9492⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-863⁠

CVSS SCORE

8.8high