Apache Drill / DRILL-6192

Drill is vulnerable to CVE-2017-12197

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.12.0
    • Fix Version/s: 1.13.0
    • Component/s: None
    • Labels:

      Description

      The current version of libpam4j bundled with MCS does not perform any authorization check. Any user with a valid password could access the cluster even if the user account is disabled, the password has expired, the user is 'not allowed to access the service' (pam_access ..), etc.


              People

              • Assignee: Volodymyr Tkach (volodymyr.tkach)
              • Reporter: Volodymyr Tkach (volodymyr.tkach)
              • Reviewer: Arina Ielchiieva
