How severe is CVE-2018-8025?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2018-8025?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2018-8025 - HIGH Severity | CVSS 8.1

Vulnerability Description

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1.

Related Vulnerabilities

CVE-2005-2352

HIGH

CVSS:8.1(High)

I race condition in Temp files was found in gs-gpl before 8.56 addons scripts.

CWE-3622005

CVE-2006-4245

HIGH

CVSS:8.1(High)

archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.

CWE-3622006

CVE-2009-4011

HIGH

CVSS:8.1(High)

dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS cons...

CWE-3622009

CVE-2014-3701

HIGH

CVSS:8.1(High)

eDeploy has tmp file race condition flaws

CWE-3622014

CVE-2014-9748

HIGH

CVSS:8.1(High)

The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to caus...

CWE-3622014

CVE-2015-1340

HIGH

CVSS:8.1(High)

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause an...

CWE-3622015