Published: 28/03/2019 Updated: 24/08/2020
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 534
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. This issue is only relevant when HBase is configured with Kerberos authentication, HBase authorization is enabled, and the REST server is configured with SPNEGO authentication. This issue does not extend beyond the HBase REST server.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache hbase

Vendor Advisories

Impact: Moderate Public Date: 2019-03-27 CWE: CWE-285 Bugzilla: 1696006: CVE-2019-0212 hbase: Apache HB ...

Mailing Lists

CVE-2019-0212: HBase REST Server incorrect user authorization Versions affected: 200-204, 210-213 Credit: This issue was discovered by Gaurav Kanade - The Apache HBase PMC ...