CVE-2019-0212
Summary
| CVE | CVE-2019-0212 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-03-28 22:29:00 UTC |
| Updated | 2023-11-07 03:01:00 UTC |
| Description | In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. This issue is only relevant when HBase is configured with Kerberos authentication, HBase authorization is enabled, and the REST server is configured with SPNEGO authentication. This issue does not extend beyond the HBase REST server. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Apache HBase CVE-2019-0212 Authorization Bypass Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| oss-security - [CVE-2019-0212] Apache HBase REST Server incorrect user authorization | MLIST | www.openwall.com | Mailing List, Third Party Advisory |
| Pony Mail! | CONFIRM | lists.apache.org | Mailing List, Vendor Advisory |
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | lists.apache.org | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 983780 Java (maven) Security Update for org.apache.hbase:hbase (GHSA-535v-4x9q-446c)