CVE-2015-1836: Improper Access Control

October 18, 2018 (updated June 10, 2021)

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.

References

github.com/advisories/GHSA-p8xr-4v2c-rvgp
nvd.nist.gov/vuln/detail/CVE-2015-1836

Code Behaviors & Features

Detect and mitigate CVE-2015-1836 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →