{
    "containers": {
        "cna": {
            "affected": [
                {
                    "product": "Apache Hadoop",
                    "vendor": "n/a",
                    "versions": [
                        {
                            "status": "affected",
                            "version": "Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, 2.0.0-alpha to 2.10.0"
                        }
                    ]
                }
            ],
            "descriptions": [
                {
                    "lang": "en",
                    "value": "In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification."
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "description": "Privilege Escalation",
                            "lang": "en",
                            "type": "text"
                        }
                    ]
                }
            ],
            "providerMetadata": {
                "dateUpdated": "2022-07-25T16:24:22",
                "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
                "shortName": "apache"
            },
            "references": [
                {
                    "tags": [
                        "x_refsource_MISC"
                    ],
                    "url": "https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E"
                },
                {
                    "name": "[announce] 20210125 [CVE-2020-9492] Apache Hadoop Potential privilege escalation",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710%40%3Cannounce.apache.org%3E"
                },
                {
                    "name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson opened a new pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6%40%3Ccommits.druid.apache.org%3E"
                },
                {
                    "name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson commented on pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4%40%3Ccommits.druid.apache.org%3E"
                },
                {
                    "name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson merged pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd%40%3Ccommits.druid.apache.org%3E"
                },
                {
                    "name": "[druid-commits] 20210225 [GitHub] [druid] liangrui1988 commented on pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429%40%3Ccommits.druid.apache.org%3E"
                },
                {
                    "name": "[solr-issues] 20210419 [jira] [Updated] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02%40%3Cissues.solr.apache.org%3E"
                },
                {
                    "name": "[solr-issues] 20210419 [jira] [Created] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26%40%3Cissues.solr.apache.org%3E"
                },
                {
                    "name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370%40%3Cissues.solr.apache.org%3E"
                },
                {
                    "name": "[solr-issues] 20210702 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6%40%3Cissues.solr.apache.org%3E"
                },
                {
                    "name": "[solr-issues] 20211016 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb%40%3Cissues.solr.apache.org%3E"
                },
                {
                    "name": "[solr-issues] 20211015 [jira] [Resolved] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e%40%3Cissues.solr.apache.org%3E"
                },
                {
                    "name": "[solr-issues] 20211020 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4%40%3Cissues.solr.apache.org%3E"
                },
                {
                    "name": "[solr-issues] 20211022 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f%40%3Cissues.solr.apache.org%3E"
                },
                {
                    "tags": [
                        "x_refsource_MISC"
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                },
                {
                    "tags": [
                        "x_refsource_CONFIRM"
                    ],
                    "url": "https://security.netapp.com/advisory/ntap-20210304-0001/"
                }
            ],
            "x_legacyV4Record": {
                "CVE_data_meta": {
                    "ASSIGNER": "security@apache.org",
                    "ID": "CVE-2020-9492",
                    "STATE": "PUBLIC"
                },
                "affects": {
                    "vendor": {
                        "vendor_data": [
                            {
                                "product": {
                                    "product_data": [
                                        {
                                            "product_name": "Apache Hadoop",
                                            "version": {
                                                "version_data": [
                                                    {
                                                        "version_value": "Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, 2.0.0-alpha to 2.10.0"
                                                    }
                                                ]
                                            }
                                        }
                                    ]
                                },
                                "vendor_name": "n/a"
                            }
                        ]
                    }
                },
                "data_format": "MITRE",
                "data_type": "CVE",
                "data_version": "4.0",
                "description": {
                    "description_data": [
                        {
                            "lang": "eng",
                            "value": "In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification."
                        }
                    ]
                },
                "problemtype": {
                    "problemtype_data": [
                        {
                            "description": [
                                {
                                    "lang": "eng",
                                    "value": "Privilege Escalation"
                                }
                            ]
                        }
                    ]
                },
                "references": {
                    "reference_data": [
                        {
                            "name": "https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E",
                            "refsource": "MISC",
                            "url": "https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E"
                        },
                        {
                            "name": "[announce] 20210125 [CVE-2020-9492] Apache Hadoop Potential privilege escalation",
                            "refsource": "MLIST",
                            "url": "https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710@%3Cannounce.apache.org%3E"
                        },
                        {
                            "name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson opened a new pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
                            "refsource": "MLIST",
                            "url": "https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6@%3Ccommits.druid.apache.org%3E"
                        },
                        {
                            "name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson commented on pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
                            "refsource": "MLIST",
                            "url": "https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4@%3Ccommits.druid.apache.org%3E"
                        },
                        {
                            "name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson merged pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
                            "refsource": "MLIST",
                            "url": "https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd@%3Ccommits.druid.apache.org%3E"
                        },
                        {
                            "name": "[druid-commits] 20210225 [GitHub] [druid] liangrui1988 commented on pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
                            "refsource": "MLIST",
                            "url": "https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429@%3Ccommits.druid.apache.org%3E"
                        },
                        {
                            "name": "[solr-issues] 20210419 [jira] [Updated] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                            "refsource": "MLIST",
                            "url": "https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02@%3Cissues.solr.apache.org%3E"
                        },
                        {
                            "name": "[solr-issues] 20210419 [jira] [Created] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                            "refsource": "MLIST",
                            "url": "https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26@%3Cissues.solr.apache.org%3E"
                        },
                        {
                            "name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                            "refsource": "MLIST",
                            "url": "https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370@%3Cissues.solr.apache.org%3E"
                        },
                        {
                            "name": "[solr-issues] 20210702 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                            "refsource": "MLIST",
                            "url": "https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6@%3Cissues.solr.apache.org%3E"
                        },
                        {
                            "name": "[solr-issues] 20211016 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                            "refsource": "MLIST",
                            "url": "https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb@%3Cissues.solr.apache.org%3E"
                        },
                        {
                            "name": "[solr-issues] 20211015 [jira] [Resolved] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                            "refsource": "MLIST",
                            "url": "https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e@%3Cissues.solr.apache.org%3E"
                        },
                        {
                            "name": "[solr-issues] 20211020 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                            "refsource": "MLIST",
                            "url": "https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4@%3Cissues.solr.apache.org%3E"
                        },
                        {
                            "name": "[solr-issues] 20211022 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                            "refsource": "MLIST",
                            "url": "https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f@%3Cissues.solr.apache.org%3E"
                        },
                        {
                            "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                            "refsource": "MISC",
                            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                        },
                        {
                            "name": "https://security.netapp.com/advisory/ntap-20210304-0001/",
                            "refsource": "CONFIRM",
                            "url": "https://security.netapp.com/advisory/ntap-20210304-0001/"
                        }
                    ]
                }
            }
        },
        "adp": [
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-04T10:26:16.405Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "tags": [
                            "x_refsource_MISC",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E"
                    },
                    {
                        "name": "[announce] 20210125 [CVE-2020-9492] Apache Hadoop Potential privilege escalation",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710%40%3Cannounce.apache.org%3E"
                    },
                    {
                        "name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson opened a new pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6%40%3Ccommits.druid.apache.org%3E"
                    },
                    {
                        "name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson commented on pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4%40%3Ccommits.druid.apache.org%3E"
                    },
                    {
                        "name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson merged pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd%40%3Ccommits.druid.apache.org%3E"
                    },
                    {
                        "name": "[druid-commits] 20210225 [GitHub] [druid] liangrui1988 commented on pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429%40%3Ccommits.druid.apache.org%3E"
                    },
                    {
                        "name": "[solr-issues] 20210419 [jira] [Updated] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02%40%3Cissues.solr.apache.org%3E"
                    },
                    {
                        "name": "[solr-issues] 20210419 [jira] [Created] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26%40%3Cissues.solr.apache.org%3E"
                    },
                    {
                        "name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370%40%3Cissues.solr.apache.org%3E"
                    },
                    {
                        "name": "[solr-issues] 20210702 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6%40%3Cissues.solr.apache.org%3E"
                    },
                    {
                        "name": "[solr-issues] 20211016 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb%40%3Cissues.solr.apache.org%3E"
                    },
                    {
                        "name": "[solr-issues] 20211015 [jira] [Resolved] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e%40%3Cissues.solr.apache.org%3E"
                    },
                    {
                        "name": "[solr-issues] 20211020 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4%40%3Cissues.solr.apache.org%3E"
                    },
                    {
                        "name": "[solr-issues] 20211022 [jira] [Commented] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f%40%3Cissues.solr.apache.org%3E"
                    },
                    {
                        "tags": [
                            "x_refsource_MISC",
                            "x_transferred"
                        ],
                        "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                    },
                    {
                        "tags": [
                            "x_refsource_CONFIRM",
                            "x_transferred"
                        ],
                        "url": "https://security.netapp.com/advisory/ntap-20210304-0001/"
                    }
                ]
            }
        ]
    },
    "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2020-9492",
        "datePublished": "2021-01-26T12:55:29",
        "dateReserved": "2020-03-01T00:00:00",
        "dateUpdated": "2024-08-04T10:26:16.405Z",
        "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1"
}