CVE-2023-34340: Apache Accumulo Improper Authentication vulnerability
(updated )
Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo. This issue affects Apache Accumulo: 2.1.0.
Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided. Users are advised to upgrade to 2.1.1.
References
- accumulo.apache.org/release/accumulo-2.1.1
- github.com/advisories/GHSA-hp5w-w29m-vg63
- github.com/apache/accumulo
- github.com/apache/accumulo/commit/0f2389735fd32e0bbc93ecde5d8c814b275b21b5
- github.com/apache/accumulo/issues/3427
- github.com/apache/accumulo/issues/3433
- github.com/apache/accumulo/pull/3440
- lists.apache.org/thread/syy6jftvy9l6tlhn33o0rzwhh4rd0z4t
- nvd.nist.gov/vuln/detail/CVE-2023-34340
Code Behaviors & Features
Detect and mitigate CVE-2023-34340 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →