CVE-2018-1320
PUBLISHED
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine whether the SASL handshake had successfully completed could be disabled in production settings, making the validation incomplete.
Risk Scores
EPSS Score: 0.09% (26.0th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | libthrift-java | 0.9.1-2, 0 |
| Ubuntu:16.04:LTS | libthrift-java | 0.9.1-2, 0 |
Exploit Intelligence
- https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 opened a new pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] apurtell commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] apurtell edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210216 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 (circl)
…and 301 more exploits
Timeline
- Jan 7, 2019 CVE Published
- Jul 24, 2019 CVE Updated
- Apr 14, 2021 EPSS Score
- Apr 16, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Jun 28, 2021 PoC Published
- Oct 26, 2021 EPSS Score
- Dec 11, 2021 PoC Published
- Dec 13, 2021 PoC Published
- Dec 18, 2021 PoC Published
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-1320 third-party-advisory
- https://issues.apache.org/jira/browse/THRIFT-4506 third-party-advisory
- https://github.com/apache/thrift/commit/d973409661f820d80d72c0034d06a12348c8705e third-party-advisory
- https://lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3@%3Cuser.thrift.apache.org%3E third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-1320 third-party-advisory