CVE-2018-15804 Information

Description

An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Under certain conditions it is possible for MapR ticket credentials to become compromised allowing a user to escalate their privileges to act as (aka impersonate) any other user including cluster administrators aka bug 31935. This affects all users who have enabled security on the MapR platform and is fixed in mapr-patch-5.2.1.42646.GA-20180731093831 mapr-patch-5.2.2.44680.GA-20180802011430 mapr-patch-6.0.0.20171109191718.GA-20180802011420 and mapr-patch-6.0.1.20180404222005.GA-20180806214919.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://mapr.com/support/s/article/MapR-Ticket-Credentials-can-become-compromised

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8