{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T07:18:43.817","vulnerabilities":[{"cve":{"id":"CVE-2018-1296","sourceIdentifier":"security@apache.org","published":"2019-02-07T22:29:00.240","lastModified":"2024-11-21T03:59:34.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent."},{"lang":"es","value":"En Apache Hadoop, desde la versión 3.0.0-alpha1 hasta la 3.0.0, 2.9.0, desde la 2.8.0 hasta la 2.8.3 y desde la 2.5.0 hasta la 2.7.5, HDFS expone pares de atributos de valor/clave extendidos durante listXAttrs, verificando solo el acceso de búsqueda a nivel de ruta al directorio en lugar de los permisos de lectura a nivel de ruta al referente."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*","versionStartIncluding":"2.5.0","versionEndIncluding":"2.7.5","matchCriteriaId":"330DD938-7CFA-4890-B9F1-2A9D9DDB9C4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:2.8.0:*:*:*:*:*:*:*","matchCriteriaId":"D6E67A08-33CB-49FF-ACD9-96FD47139B1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:2.8.1:*:*:*:*:*:*:*","matchCriteriaId":"D430A9EF-5A77-4E47-9A64-E64FEA243B87"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:2.8.2:*:*:*:*:*:*:*","matchCriteriaId":"DFC32FB7-9A23-45F3-87FE-ADFB3EEEE574"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:2.8.3:*:*:*:*:*:*:*","matchCriteriaId":"0D221DB4-DEBC-4DF3-8ADB-2996C00F01D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:2.9.0:*:*:*:*:*:*:*","matchCriteriaId":"9AA8A5A7-0E96-4661-AE60-BA54C82991EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"1E486028-681D-4B3E-95F6-CE42CDA88A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:3.0.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"C33530ED-6093-4B4C-AFDB-4DB5EB5878E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:3.0.0:alpha2:*:*:*:*:*:*","matchCriteriaId":"38BCF20D-169E-4847-8880-A223467B8639"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:3.0.0:alpha3:*:*:*:*:*:*","matchCriteriaId":"336DADCF-3302-423D-BFDC-72C031AD1CAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:3.0.0:alpha4:*:*:*:*:*:*","matchCriteriaId":"689B619C-04C4-43C6-B103-DDAAA9C9CC9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hadoop:3.0.0:beta1:*:*:*:*:*:*","matchCriteriaId":"1E457B6F-5F01-45C5-8568-7AF598721AEB"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/106764","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e%40%3Cuser.hadoop.apache.org%3E","source":"security@apache.org"},{"url":"http://www.securityfocus.com/bid/106764","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e%40%3Cuser.hadoop.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}