CVE-2019-10084

EPSS 0.1%
Veröffentlicht 05.11.2019 20:15:11
Zuletzt bearbeitet 21.11.2024 04:18:22
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query IDs are unique and random, but have not been documented or consistently treated as sensitive secrets. Therefore they may be exposed in logs or interfaces. They were also not generated with a cryptographically secure random number generator, so are vulnerable to random number generator attacks that predict future IDs based on past IDs. Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 5 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Impala Version >= 2.7.0 <= 3.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.247

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:N/AC:H/Au:S/C:P/I:P/A:P

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

CWE-384 Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

http://www.openwall.com/lists/oss-security/2019/11/04/1

Third Party Advisory

Mailing List

Mitigation

https://lists.apache.org/thread.html/ee73dd8dc38ac3b3b132c79c9a02cf9524af9aa11190474c0ebd1f13%40%3Cdev.impala.apache.org%3E

https://nvd.nist.gov/vuln/detail/CVE-2019-10084

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-10084

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-10084

EUVD