Search for vulnerabilities
Vulnerability details: VCID-qmd4-j2gq-qqeb
Vulnerability ID VCID-qmd4-j2gq-qqeb
Aliases CVE-2012-3376
GHSA-qmh2-h7r6-gm6q
Summary Client BlockTokens not checked in Apache Hadoop DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
generic_textual HIGH http://archives.neohapsis.com/archives/bugtraq/2012-07/0049.html
epss 0.01302 https://api.first.org/data/v1/epss?cve=CVE-2012-3376
generic_textual HIGH https://github.com/apache/hadoop
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2012-3376
generic_textual HIGH https://seclists.org/fulldisclosure/2012/Jul/78
generic_textual HIGH https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
Reference id Reference type URL
http://archives.neohapsis.com/archives/bugtraq/2012-07/0049.html
https://api.first.org/data/v1/epss?cve=CVE-2012-3376
https://github.com/apache/hadoop
https://nvd.nist.gov/vuln/detail/CVE-2012-3376
https://seclists.org/fulldisclosure/2012/Jul/78
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.78775
EPSS Score 0.01302
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:28:46.012187+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qmh2-h7r6-gm6q/GHSA-qmh2-h7r6-gm6q.json 36.1.3