Description
Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.
Remediation
References
http://www-01.ibm.com/support/docview.wss?uid=swg21969546
http://www.securitytracker.com/id/1034365
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCA+RK=_CFiTfQ2d0V+kuJx_y5izmYccaKjXaJ3V72KK7tbOhbkg%40mail.gmail.com%3E