CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-8025

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.9%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 6.8

References

Products affected by CVE-2018-8025

Apache » Hbase » Version: 0.92.0

cpe:2.3:a:apache:hbase:0.92.0
Apache » Hbase » Version: 1.0.1

cpe:2.3:a:apache:hbase:1.0.1
Apache » Hbase » Version: 1.0.1.1

cpe:2.3:a:apache:hbase:1.0.1.1
Apache » Hbase » Version: 1.0.2

cpe:2.3:a:apache:hbase:1.0.2
Apache » Hbase » Version: 1.1.0

cpe:2.3:a:apache:hbase:1.1.0
Apache » Hbase » Version: 1.1.0.1

cpe:2.3:a:apache:hbase:1.1.0.1
Apache » Hbase » Version: 1.1.1

cpe:2.3:a:apache:hbase:1.1.1
Apache » Hbase » Version: 1.1.2

cpe:2.3:a:apache:hbase:1.1.2
Apache » Hbase » Version: 1.2.0

cpe:2.3:a:apache:hbase:1.2.0
Apache » Hbase » Version: 1.2.6

cpe:2.3:a:apache:hbase:1.2.6
Apache » Hbase » Version: 1.2.6.1

cpe:2.3:a:apache:hbase:1.2.6.1
Apache » Hbase » Version: 1.3.0

cpe:2.3:a:apache:hbase:1.3.0
Apache » Hbase » Version: 1.3.2

cpe:2.3:a:apache:hbase:1.3.2
Apache » Hbase » Version: 1.3.2.1

cpe:2.3:a:apache:hbase:1.3.2.1
Apache » Hbase » Version: 1.4.0

cpe:2.3:a:apache:hbase:1.4.0
Apache » Hbase » Version: 1.4.4

cpe:2.3:a:apache:hbase:1.4.4
Apache » Hbase » Version: 1.4.5

cpe:2.3:a:apache:hbase:1.4.5
Apache » Hbase » Version: 2.0.0

cpe:2.3:a:apache:hbase:2.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-8025

Products

Pricing

Contact Us