oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2023-34340: Apache Accumulo: Accumulo 2.1.0 may incorrectly validate cached credentials

From: Christopher Tubbs <ctubbsii () apache org>
Date: Tue, 20 Jun 2023 19:33:44 +0000
Severity: critical

Affected versions:

- Apache Accumulo 2.1.0 before 2.1.1

Description:

Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo.
This issue affects Apache Accumulo: 2.1.0.

Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are 
provided. Users are advised to upgrade to 2.1.1.

References:

https://accumulo.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-34340
Previous By Date Next
Previous By Thread Next

Current thread: