[DRILL-6192] Drill is vulnerable to CVE-2017-12197 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.12.0
Fix Version/s: 1.13.0
Component/s: None
Labels:
- ready-to-commit

Description

The current version of libpam4j bundled with MCS does not perform any authorization check. Any user with valid password could access the cluster even if the user account is disabled/password expired/'not allowed to access the service(pam_access ..)' etc..

Attachments

Issue Links

links to

GitHub Pull Request #1136

Activity

People

Assignee:: Volodymyr Tkach

Reporter:: Volodymyr Tkach

Reviewer:: Arina Ielchiieva

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 27/Feb/18 18:09

Updated:: 12/Mar/18 09:31

Resolved:: 10/Mar/18 15:41